Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to forward Syslog or Rsyslog messages to SAP IT Operations Analytics

frane_milicevic
Active Participant
‎06-30-2017 7:03 AM

Abstract


This page provides information about how to forward Syslog or Rsyslog messages to SAP IT Operations Analytics (SAP ITOA). Please check in your environment if Syslog or Rsyslog daemon is in use.

The following configuration can be performed in central service (Syslog or Rsyslog server) or in desired instance (end device).

Please check this blog for further data source integrations.

 

SAP ITOA


Before starting with Syslog or Rsyslog configuration, SAP ITOA needs to be prepared to receive Syslog or Rsyslog streaming content.

Therefore create a new data source (bucket) in SAP ITOA, activate syslog receiver plugin, define network port & network protocol (TCP or UDP) and start the syslog receiver service.

For the following Syslog and Rsyslog configuration examples we will refer to this SAP ITOA configuration example:



















PARAMETER VALUE
Hostname itoa-adapter.company.corp
Network Port 1515
Network Protocol TCP

 



 

Syslog-ng


Please add the following configuration in the central Syslog server or desired instance (end device). Login to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).

The typical location of the Syslog configuration file is /etc/syslog-ng/syslog-ng.conf. Please check the operating system documentation for further details.

 









/etc/syslog-ng/syslog-ng.conf


destination d_itoa { tcp("itoa-adapter.company.corp" port(1515) time_zone("+00:00") ); };

log { source(src); destination(d_itoa); };

 

Further Information:



























PARAMETER DESCRIPTION
d_itoa Destination identifier
tcp Network protocol
itoa-adapter.company.corp IP address or host name of SAP ITOA Adapter instance
1515 Network port, SAP ITOA Adapter is listening
src Source identifier (Syslog content defined in Syslog configuration file)

 

Save the configuration changes and restart Syslog service.
service syslog restart

Check in SAP ITOA user interface weather Syslog messages are received.

 

Rsyslog


Please add the following configuration in the central Rsyslog server or desired instance (end device). Login to the instance via console (e.g. PuTTY) with an administration account (e.g. root user).

The typical location of the Rsyslog configuration file is /etc/rsyslog.conf. Please check the operating system documentation for further details.

 









/etc/rsyslog.conf


$PreserveFQDN on

*.* @@itoa-adapter.company.corp:1515

 

Further Information:



























PARAMETER DESCRIPTION
$PreserveFQDN on Optional: Use FQDN information (instead host name)
*.* Forward all information (Rsyslog content defined in Rsyslog configuration file)
@@ Network protocol TCP (@ = UDP / @@ = TCP)
itoa-adapter.company.corp IP address or host name of SAP ITOA Adapter instance
1515 Network port, SAP ITOA Adapter is listening

 

Save the configuration changes and restart Rsyslog service.
service rsyslog restart

Check in SAP ITOA user interface weather Rsyslog messages are received.

 

Troubleshooting


In case of problems check the following issues:

  • Please check in SAP ITOA data source (bucket) if the syslog receiver plugin is activated (check SAP ITOA administration manual for more details)

  • Please check if SAP ITOA Adapter service is running. Therefore login with an user with administration authorization, via console (e.g. PuTTY) to SAP ITOA Adapter instance and execute the following command:







    ps -ef | grep itoa


  • Please check if Syslog or Rsyslog messages are received in SAP ITOA Adapter instance (network activity). Therefore login with an user with administration authorization, via console (e.g. PuTTY) to SAP ITOA Adapter instance and execute the following command:







    tcpdump -A -s 0 -i eth0 port 1515

    Please adjust network card configuration (eth0) to your setup.

  • Use the same approach (check network activity) in source instance to check if Syslog or Rsyslog messages are forwarded to SAP ITOA Adapter

  • Check the log file of SAP ITOA Adapter which is typically available in /usr/sap/itoa_adapter/logs/itoa-adapter.log


 

Further Information



















Content Type Information
SAP Entry Page https://www.sap.com/itoa
SAP Help Page https://help.sap.com/itoa

 
1 Comment
Labels in this area
Popular Blog Posts