How to Configure and Use Syslog and Serilog Sinks?
Syslog Configuration
Recommended Tools:
- Visual Syslog Server (recommended)
- Syslog Watcher Manager (Note: Has a limit of 5000 messages/hour)
Configuration Steps:
Currently, we support Syslog (UDP) using the RFC5424 Output format for external logger configuration.
To visualize MetaDefender Storage Security audit logs centrally, integrate a Syslog (UDP) server using these details:
- Server address: IPv4, IPv6, and Host Name formats supported.
- Port: Specified Syslog server port.
- Syslog Facility: As per configuration needs.
- Output format: RFC5424.
You can add up to 5 external logger configurations of each type.
Syslog Message Format
RFC5424 message format is supported:
<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
- PRI: Priority value
- VERSION: Syslog protocol specification version
- TIMESTAMP: Formalized timestamp
- HOSTNAME: Sending machine
- APP-NAME: Application or device originating message
- PROCID: Process name or ID
- MSGID: Message type
- STRUCTURED-DATA: Parsable data format
- MSG: Informative free-form message
Example Syslog Message
<110>1 2024-03-26T12:27:58.276724+02:00 LP10-D8569 MetaDefenderStorageSecurity 36800 - [meta UserName="jdavis" UserId="e69e8c2d-4dcc-4489-8f40-0df84199de52" EventTimestamp="03/26/2024 10:27:58" Category="3" LogType="600"] John Davis (jdavis) logged in.
Serilog Sinks
What is Serilog?
Serilog is a structured logging library for .NET applications, which allows logging to various destinations called sinks, including Syslog, files, HTTP endpoints, and console.
Commonly Used Serilog Sinks and Configurations:
- Serilog.Sinks.Syslog
Logs events to remote syslog servers via UDP or TCP, supporting RFC3164 and RFC5424 formats.
"WriteTo": [
  {
    "Name": "TcpSyslog",
    "Args": {
      "host": "<ip_host>",
      "port": 514,
      "appName": "<your_app_name>",
      "format": "RFC5424",
      "facility": "<facility_name>",
      "outputTemplate": "[{Timestamp:u}] [{Level}] {SourceContext}: {Message:lj}{NewLine}{Exception}"
    }
  }
]
- Serilog.Sinks.Http
Sends log events via HTTP/S to remote endpoints.
"WriteTo": [
  {
    "Name": "Http",
    "Args": {
      "requestUri": "<your_request_uri>",
      "queueLimitBytes": null
    }
  }
]
- Serilog.Sinks.Console
Writes log events to the console.
"WriteTo": [
  {
    "Name": "Console",
    "Args": {
      "outputTemplate": "[{Timestamp:u}] [{Level}] {Namespace}: {Message:lj}{NewLine}{Exception}"
    }
  }
]
- Serilog.Sinks.File
Writes logs to a file.
"WriteTo": [
  {
    "Name": "File",
    "Args": {
      "buffered": false,
      "fileSizeLimitBytes": 500000000,
      "outputTemplate": "[{Timestamp:u}] [{Level}] {Namespace}: {Message:lj}{NewLine}{Exception}",
      "path": "logs/log.txt",
      "retainedFileCountLimit": "10",
      "rollingInterval": "Day",
      "rollOnFileSizeLimit": true
    }
  }
]
Testing & Validation:
Use tools like Visual Syslog Server or test HTTP endpoints to validate your logging configurations and ensure logs are captured correctly.
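Beyond watching messages arrive in a syslog viewer, it is worth checking that the receiving side can actually decode them. The following Python example is added here and is not part of this page or of the MetaDefender product: it parses the RFC5424 message shown above into its header, STRUCTURED-DATA and MSG parts, decodes PRI into facility and severity, and, going beyond the single message on the page, handles any number of SD-ELEMENTs and backslash-escaped parameter values as RFC 5424 defines them.

```python
import re

# Facility and severity names from RFC 5424 section 6.2.1 (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# HEADER: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, then SD and optional MSG.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.DOTALL)
# One SD-ELEMENT: [SD-ID PARAM-NAME="PARAM-VALUE" ...]; values escape ", \ and ] with a backslash.
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]"=]+)(?P<params>(?: [^\s=\]"]+="(?:[^"\\]|\\.)*")*)\]')
PARAM_RE = re.compile(r'(?P<name>[^\s=\]"]+)="(?P<value>(?:[^"\\]|\\.)*)"')


def parse_rfc5424(line: str) -> dict:
    """Parse one RFC 5424 message into header fields, structured data and free-form MSG."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC5424 message")
    pri = int(m["pri"])
    if pri > 191:                      # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    rest, sd, pos = m["rest"], {}, 0
    if rest.startswith("-"):           # NILVALUE: no structured data present
        pos = 1
    else:
        while pos < len(rest) and rest[pos] == "[":
            el = SD_ELEMENT_RE.match(rest, pos)
            if not el:
                raise ValueError("malformed STRUCTURED-DATA")
            sd[el["id"]] = {p["name"]: re.sub(r'\\([\\"\]])', r"\1", p["value"])
                            for p in PARAM_RE.finditer(el["params"])}
            pos = el.end()
        if not sd:
            raise ValueError("STRUCTURED-DATA must be '-' or at least one SD-ELEMENT")
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8],
            "version": int(m["version"]), "timestamp": m["timestamp"],
            "hostname": m["hostname"], "appname": m["appname"],
            "procid": m["procid"], "msgid": m["msgid"],
            "sd": sd, "msg": rest[pos:].lstrip(" ")}


# Sample input: the audit message shown on this page, embedded here so the script runs offline.
SAMPLE = ('<110>1 2024-03-26T12:27:58.276724+02:00 LP10-D8569 MetaDefenderStorageSecurity 36800 - '
          '[meta UserName="jdavis" UserId="e69e8c2d-4dcc-4489-8f40-0df84199de52" '
          'EventTimestamp="03/26/2024 10:27:58" Category="3" LogType="600"] John Davis (jdavis) logged in.')

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

For the page's message, PRI 110 decodes to facility 13 (log audit) and severity 6 (informational), which is what a SIEM rule keyed on the audit facility or on the "meta" LogType field would match.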
If further assistance is required, please log a support case or chat with our support engineers.
