Author: Frane Milicevic

How to forward Syslog or Rsyslog messages to SAP IT Operations Analytics

Abstract

This page describes how to forward Syslog or Rsyslog messages to SAP IT Operations Analytics (SAP ITOA). First check which daemon, Syslog or Rsyslog, is in use in your environment.

The following configuration can be performed on a central service (Syslog or Rsyslog server) or on the desired instance (end device).

Please check this blog for further data source integrations.

 

SAP ITOA

Before starting with Syslog or Rsyslog configuration, SAP ITOA needs to be prepared to receive Syslog or Rsyslog streaming content.

To do so, create a new data source (bucket) in SAP ITOA, activate the syslog receiver plugin, define the network port and network protocol (TCP or UDP), and start the syslog receiver service.

For the following Syslog and Rsyslog configuration examples we will refer to this SAP ITOA configuration example:

PARAMETER          VALUE
Hostname           itoa-adapter.company.corp
Network Port       1515
Network Protocol   TCP

 

 

Syslog-ng

Please add the following configuration on the central Syslog server or the desired instance (end device). Log in to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).

The typical location of the Syslog configuration file is /etc/syslog-ng/syslog-ng.conf. Please check the operating system documentation for further details.

 

/etc/syslog-ng/syslog-ng.conf

destination d_itoa { tcp("itoa-adapter.company.corp" port(1515) time_zone("+00:00") ); };

log { source(src); destination(d_itoa); };

 

Further Information:

PARAMETER                   DESCRIPTION
d_itoa                      Destination identifier
tcp                         Network protocol
itoa-adapter.company.corp   IP address or host name of the SAP ITOA Adapter instance
1515                        Network port on which the SAP ITOA Adapter is listening
src                         Source identifier (Syslog content defined in the Syslog configuration file)

 

Save the configuration changes and restart the Syslog service.

service syslog restart

Check in the SAP ITOA user interface whether Syslog messages are received.

 

Rsyslog

Please add the following configuration on the central Rsyslog server or the desired instance (end device). Log in to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).

The typical location of the Rsyslog configuration file is /etc/rsyslog.conf. Please check the operating system documentation for further details.

 

/etc/rsyslog.conf

$PreserveFQDN on

*.* @@itoa-adapter.company.corp:1515

 

Further Information:

PARAMETER                   DESCRIPTION
$PreserveFQDN on            Optional: use FQDN information (instead of host name)
*.*                         Forward all information (Rsyslog content defined in the Rsyslog configuration file)
@@                          Network protocol TCP (@ = UDP / @@ = TCP)
itoa-adapter.company.corp   IP address or host name of the SAP ITOA Adapter instance
1515                        Network port on which the SAP ITOA Adapter is listening

 

Save the configuration changes and restart the Rsyslog service.

service rsyslog restart

Check in the SAP ITOA user interface whether Rsyslog messages are received.

 

Troubleshooting

If problems occur, check the following:

  • Check in the SAP ITOA data source (bucket) that the syslog receiver plugin is activated (see the SAP ITOA administration manual for more details).
  • Check that the SAP ITOA Adapter service is running. To do so, log in to the SAP ITOA Adapter instance via console (e.g. PuTTY) as a user with administration authorization and execute the following command:
    ps -ef | grep itoa
  • Check that Syslog or Rsyslog messages are received on the SAP ITOA Adapter instance (network activity). To do so, log in to the SAP ITOA Adapter instance via console (e.g. PuTTY) as a user with administration authorization and execute the following command:
    tcpdump -A -s 0 -i eth0 port 1515

    Please adjust the network interface (eth0) to your setup.

  • Use the same approach (check network activity) on the source instance to check whether Syslog or Rsyslog messages are forwarded to the SAP ITOA Adapter.
  • Check the log file of the SAP ITOA Adapter, which is typically available in /usr/sap/itoa_adapter/logs/itoa-adapter.log
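
To go one step beyond reading the tcpdump output, the following added example (not part of the original post and not SAP ITOA code) reassembles the newline-delimited TCP stream a forwarder sends, decodes each message's priority into facility and severity, and reports whether the host field is an FQDN, which shows whether $PreserveFQDN took effect. It assumes the traditional BSD-syslog line layout with one message per line; the names parse_line, split_stream and listen and the sample messages are constructed for illustration.

```python
import re
import socket

# Assumed layout, one message per line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (BSD syslog)
LINE_RE = re.compile(r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def parse_line(line):
    """Decode one forwarded message; None if it does not match the assumed layout."""
    m = LINE_RE.fullmatch(line)
    if not m or int(m[1]) > 191:  # PRI = facility * 8 + severity, at most 23 * 8 + 7
        return None
    facility, severity = divmod(int(m[1]), 8)
    host = m[3]
    is_fqdn = "." in host and not host.replace(".", "").isdigit()  # dotted name, not IPv4
    return {"facility": facility, "severity": SEVERITIES[severity],
            "host": host, "fqdn": is_fqdn, "msg": m[4]}


def split_stream(chunks):
    """Yield complete lines from chunks, whatever the TCP segment boundaries were."""
    buf = b""
    for chunk in chunks:
        buf += chunk
        *complete, buf = buf.split(b"\n")  # last element is the unfinished remainder
        for raw in complete:
            if raw:
                yield raw.decode("utf-8", "replace")


def listen(port=1515):
    """Stand-in receiver: accept one forwarder connection and print each record."""
    with socket.create_server(("", port)) as srv:
        conn, _ = srv.accept()
        with conn:
            for line in split_stream(iter(lambda: conn.recv(4096), b"")):
                print(parse_line(line) or f"UNPARSED: {line!r}")


# Constructed sample: two messages cut at an arbitrary segment boundary.
SAMPLE_CHUNKS = [
    b"<38>Mar  4 10:15:01 web01.company.corp sshd[812]: Accepted publickey for ops\n<13>Mar",
    b"  4 10:15:02 db02 root: test message\n",
]

if __name__ == "__main__":
    for line in split_stream(SAMPLE_CHUNKS):
        print(parse_line(line))
```

Calling listen() on a test host and pointing the forwarder at it shows exactly what the source emits before the SAP ITOA Adapter is involved; it cannot bind port 1515 on a host where the adapter is already listening on it.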

 

Further Information

Content Type     Information
SAP Entry Page   https://www.sap.com/itoa
SAP Help Page    https://help.sap.com/itoa

 
