Syslog is a widely used standard for message logging. It permits the separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Delphix makes use of syslog as one of the standard mechanisms, along with SNMP and email, to distribute important user and system events, such as alerts, faults, and audits. In the case of Delphix, each Delphix Engine acts as a syslog client which propagates the events to a centralized syslog server.
The network protocol over which the Delphix Engine communicates with the syslog server is standardized in RFC 5424. As a protocol, it supports using either UDP (RFC 5426) or TCP (RFC 6587) as the underlying transport and optional TLS mapping has been introduced to encrypt the messages over the wire for security purposes (RFC 5425). However, as of this release, we only support syslog over UDP with no encryption, which implies that syslog messages are always sent in the clear and may be lost during transmission and delivered out of order due to the limitations of UDP.
To configure for syslog support, you must specify the communication endpoint to which the syslog server listens, which includes the hostname or IP address of the syslog server and an optional port number. The latter defaults to 514 according to the syslog standard but it can be changed if necessary.
System and user events generated by Delphix are always forwarded immediately to the syslog server, which ensures the timely delivery of important events that may require immediate action.
A couple of different output formats are supported for messages delivered over syslog, namely, TEXT and JSON. The TEXT format is the default. To change the message format, as of this release, you must do so via the CLI.
- Log into the Delphix Setup application using sysadmin credentials.
- Select Preferences > Syslog Configuration.
- Select Enable Syslog.
- Select the severity level of the messages you want to be sent to the syslog server.
- Click the pencil icon next to Syslog Servers and then in the Syslog Configuration window select the plus icon.
- Enter the syslog server hostname/IP address and port number.
- Click Save.