Syslog
A Syslog handler sends messages to the UNIX system log as governed by RFC 5424, The Syslog Protocol.
Note
The implementation currently only supports writing access messages, not error messages. As a result, this feature is of limited use in most deployments.
To enable a Syslog handler, see "Configure a Custom Access Log". The JSON configuration file for the Syslog handler has the following format:
```
{
    "class": "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler",
    "config": {
        "name": string,             // Handler name, such as "syslog".
        "enabled": boolean,         // Default: false.
        "topics": array,            // LDAP: "ldap-access"; HTTP: "http-access".
        "protocol": string,         // "TCP" or "UDP".
        "host": string,             // Syslog daemon host, such as localhost;
                                    // must resolve to IP address.
        "port": number,             // Syslog daemon port number, such as 514; range: 0 to 65535.
        "connectTimeout": number,   // If using TCP, milliseconds to wait before timing out.
        "facility": string,         // Syslog facility to use for event messages.
        "buffering": {              // (Optional) Default: write each message separately, no buffering.
            "enabled": boolean,     // Buffer messages to be sent? Default: false.
            "maxSize": number       // Maximum number of buffered messages. Default: 5000.
        }
    }
}
```
For a sample configuration, see opendj/config/audit-handlers/syslog-config.json-example.
For additional details, see "Syslog Facility Values".
Value | Description |
---|---|
| Kernel messages. |
| User-level messages. |
| Mail system. |
| System daemons. |
| Security/authorization messages. |
| Messages generated internally by |
| Line printer subsystem. |
| Network news subsystem. |
| UUCP subsystem. |
| Clock daemon. |
| Security/authorization messages. |
| FTP daemon. |
| NTP subsystem. |
| Log audit. |
| Log alert. |
| Clock daemon. |
| Local use 0. |
| Local use 1. |
| Local use 2. |
| Local use 3. |
| Local use 4. |
| Local use 5. |
| Local use 6. |
| Local use 7. |
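
A pre-deployment lint for a handler file, checking it against the constraints in the format description above (allowed topics and protocols, the port range, the buffering types). This is an added example, not ForgeRock code: `check_syslog_handler`, `is_int` and the sample file are hypothetical, the facility is a placeholder because the value names are not listed on this page, and treating `connectTimeout` as optional and `maxSize` as at least 1 are assumptions.

```python
import json

# SAMPLE is constructed; its facility value is a placeholder, not a real facility.
HANDLER_CLASS = "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler"
TOPICS = ("ldap-access", "http-access")
SAMPLE = """{
  "class": "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler",
  "config": {"name": "syslog", "enabled": true, "topics": ["ldap-access"],
             "protocol": "TCP", "host": "localhost", "port": 514,
             "connectTimeout": 3000, "facility": "FACILITY_PLACEHOLDER",
             "buffering": {"enabled": true, "maxSize": 5000}}
}"""

def is_int(value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)

def check_syslog_handler(text):
    """Return the names of settings that break the format documented on this page."""
    doc = json.loads(text)
    cfg = doc.get("config", {})
    buf = cfg.get("buffering", {})
    bad = []
    if doc.get("class") != HANDLER_CLASS:
        bad.append("class")
    for key in ("name", "host", "facility"):
        if not isinstance(cfg.get(key), str) or not cfg[key]:
            bad.append(key)
    if not isinstance(cfg.get("enabled", False), bool):
        bad.append("enabled")
    topics = cfg.get("topics")
    if not isinstance(topics, list) or not topics or any(t not in TOPICS for t in topics):
        bad.append("topics")
    if cfg.get("protocol") not in ("TCP", "UDP"):
        bad.append("protocol")
    if not is_int(cfg.get("port")) or not 0 <= cfg["port"] <= 65535:
        bad.append("port")
    # Assumption: connectTimeout is optional, so it is checked only when present.
    if "connectTimeout" in cfg and not is_int(cfg["connectTimeout"]):
        bad.append("connectTimeout")
    if not isinstance(buf.get("enabled", False), bool):
        bad.append("buffering.enabled")
    # Assumption: a usable buffer holds at least one message.
    size = buf.get("maxSize", 5000)
    if not is_int(size) or size < 1:
        bad.append("buffering.maxSize")
    return bad

if __name__ == "__main__":
    print(check_syslog_handler(SAMPLE))
```

The check takes plain JSON, so the `//` comments shown in the format description must not appear in the file being checked.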