Abstract
This page describes how to forward Syslog or Rsyslog messages to SAP IT Operations Analytics (SAP ITOA). Please check whether the Syslog or Rsyslog daemon is in use in your environment.
The following configuration can be performed on the central service (Syslog or Rsyslog server) or on the desired instance (end device).
Please check this blog for further data source integrations.
SAP ITOA
Before starting with the Syslog or Rsyslog configuration, SAP ITOA needs to be prepared to receive Syslog or Rsyslog streaming content.
To do so, create a new data source (bucket) in SAP ITOA, activate the syslog receiver plugin, define the network port and network protocol (TCP or UDP), and start the syslog receiver service.
For the following Syslog and Rsyslog configuration examples we will refer to this SAP ITOA configuration example:
| PARAMETER | VALUE |
| --- | --- |
| Hostname | itoa-adapter.company.corp |
| Network Port | 1515 |
| Network Protocol | TCP |
Syslog-ng
Please add the following configuration on the central Syslog server or the desired instance (end device). Log in to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).
The typical location of the Syslog configuration file is /etc/syslog-ng/syslog-ng.conf. Please check the operating system documentation for further details.
/etc/syslog-ng/syslog-ng.conf:
destination d_itoa { tcp("itoa-adapter.company.corp" port(1515) time_zone("+00:00") ); };
log { source(src); destination(d_itoa); };
Further Information:
| PARAMETER | DESCRIPTION |
| --- | --- |
| d_itoa | Destination identifier |
| tcp | Network protocol |
| itoa-adapter.company.corp | IP address or host name of the SAP ITOA Adapter instance |
| 1515 | Network port on which the SAP ITOA Adapter is listening |
| src | Source identifier (Syslog content defined in the Syslog configuration file) |
Save the configuration changes and restart the Syslog service.
service syslog restart
Check in the SAP ITOA user interface whether Syslog messages are received.
Rsyslog
Please add the following configuration on the central Rsyslog server or the desired instance (end device). Log in to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).
The typical location of the Rsyslog configuration file is /etc/rsyslog.conf. Please check the operating system documentation for further details.
/etc/rsyslog.conf:
$PreserveFQDN on
*.* @@itoa-adapter.company.corp:1515
Further Information:
| PARAMETER | DESCRIPTION |
| --- | --- |
| $PreserveFQDN on | Optional: Use FQDN information (instead of host name) |
| *.* | Forward all information (Rsyslog content defined in the Rsyslog configuration file) |
| @@ | Network protocol TCP (@ = UDP / @@ = TCP) |
| itoa-adapter.company.corp | IP address or host name of the SAP ITOA Adapter instance |
| 1515 | Network port on which the SAP ITOA Adapter is listening |
Save the configuration changes and restart the Rsyslog service.
service rsyslog restart
Check in the SAP ITOA user interface whether Rsyslog messages are received.
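As an added example (not part of the original page or of SAP's documentation), the following shell helper lists the selector-based forwarding rules in an Rsyslog configuration file, so you can confirm that the rule above is present and see every other destination logs are sent to. The sample configuration, `old-collector.example` and `192.0.2.10` are constructed; the default port 514 and the `(z9)` option prefix are standard Rsyslog legacy syntax and are assumptions not stated on this page.

```shell
#!/bin/sh
# Added example: list selector-based legacy forwarding rules in an rsyslog config.
# Output per rule: "<selector> <tcp|udp> <host> <port>" (@ = UDP, @@ = TCP).
# Property-filter and RainerScript actions are not handled.
list_forwards() {
    awk '
    /^[ \t]*#/ { next }                      # skip commented-out rules
    NF >= 2 && $2 ~ /^@/ {
        target = $2
        proto = "udp"
        if (target ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", target) }
        else                { sub(/^@/, "", target) }
        sub(/^\([^)]*\)/, "", target)        # drop options such as (z9)
        port = "514"                         # rsyslog default when none is given
        host = target
        if (target ~ /^\[/) {                # bracketed IPv6 literal
            sub(/^\[/, "", host); sub(/\].*$/, "", host)
            if (target ~ /\]:[0-9]+$/) { port = target; sub(/^.*\]:/, "", port) }
        } else if (target ~ /:[0-9]+$/) {
            port = target; sub(/^.*:/, "", port)
            sub(/:[0-9]+$/, "", host)
        }
        print $1, proto, host, port
    }' "$@"
}

# Succeeds only if a rule forwards to HOST:PORT over PROTO.
has_forward() {  # usage: has_forward FILE PROTO HOST PORT
    list_forwards "$1" | awk -v p="$2" -v h="$3" -v o="$4" \
        '$2 == p && $3 == h && $4 == o { found = 1 } END { exit !found }'
}

# Constructed sample: the rule from this page plus an extra UDP destination.
sample_conf() {
    cat <<'EOF'
$PreserveFQDN on
# *.* @@old-collector.example:514
*.* @@itoa-adapter.company.corp:1515
auth.* @192.0.2.10
EOF
}

sample_conf | list_forwards
```

`has_forward /etc/rsyslog.conf tcp itoa-adapter.company.corp 1515` returns success once the rule from this page is in place.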
Troubleshooting
In case of problems, check the following:
- Check in the SAP ITOA data source (bucket) whether the syslog receiver plugin is activated (see the SAP ITOA administration manual for more details).
- Check whether the SAP ITOA Adapter service is running. To do so, log in to the SAP ITOA Adapter instance via console (e.g. PuTTY) as a user with administration authorization and execute the following command:
- Check whether Syslog or Rsyslog messages are received on the SAP ITOA Adapter instance (network activity). To do so, log in to the SAP ITOA Adapter instance via console (e.g. PuTTY) as a user with administration authorization and execute the following command:
  tcpdump -A -s 0 -i eth0 port 1515
  Please adjust the network interface (eth0) to your setup.
- Use the same approach (check network activity) on the source instance to check whether Syslog or Rsyslog messages are forwarded to the SAP ITOA Adapter.
- Check the log file of the SAP ITOA Adapter, which is typically available in /usr/sap/itoa_adapter/logs/itoa-adapter.log.
Further Information