The StrongAuth KeyAppliance logs all application level messages to the default glassfish logging directory $GLASSFISH_HOME/domains/domain1/logs. In addition to this, the appliance supports the ability to log application level messages to the linux syslog system. When configured properly application logs can be sent off the network to a remote syslog server.
To configure the appliance for logging to syslog, follow these steps:
- Log in as strongauth into the SAKA.
- Configure glassfish to log to the local syslog server:
shell> asadmin set-log-attributes handlers=java.util.logging.ConsoleHandler,com.sun.enterprise.server.logging.SyslogHandlershell> asadmin set-log-attributes com.sun.enterprise.server.logging.SyslogHandler.useSystemLogging=true - This configuration will not take effect until glassfish is restarted. If the SAKA is not servicing traffic, you can restart glassfish now with the command:
shell> sudo service glassfishd restart - If you restarted glassfish, you should have Key Custodians set their PINs to activate the appliance.
- Log out of the SAKA as strongauth and back in as root
- Edit the /etc/hosts file. Make sure that the entry for 127.0.0.1 includes the fqdn of the appliance. This is important for the correct name to show up in the syslog messages. Example:
127.0.0.1 saka217.strongauth.com localhost localhost.localdomain
NOTE:It is important that the fqdn is put ahead of localhost on this line. Putting the fqdn at the end of the line will not work. - Edit the /etc/rsyslog.conf file.
Uncommon the following lines so that the local syslog system can receive messages from the application server:
$ModLoad imudp $UDPServerRun 514
By default, the application message will be logged into /var/log/messages. Because of the quantity of messages the application creates, this may not be desired. To disable this logging, modify the rule for /var/log/messages to the following:
*.info;mail.none;authpriv.none;cron.none;daemon.none var/log/messages
By default the remote server will receive messages with only the domain name to identify where the record originated. If it is preferred that the fully qualified domain name is in the message, add the following to the file:
$PreserveFQDN on
To forward the messages to a remote syslog server, add a rule to the end of the file describing what messages to send and where to send them. For example:
daemon.* @@10.0.2.217:514
This would forward application messages to the remote syslog server at 10.0.2.217. Alternatively, all messages can be forwarded with:
*.* @@10.0.2.217:514
Save the file once you've finished adding the preferred rules.
- For changes to take effect, restart rsyslog:
shell> systemctl restart rsyslog
This concludes configurations on the SAKA. Verify that the remote syslog server is receiving messages from the SAKA. If there are any issues receiving the messages, verify that there are no firewalls that may be blocking messages from the SAKA to the remote syslog server.