Previous Topic: Logging SettingsNext Topic: Filter Setting

Administration GuideMachine Policy SettingsWhat Is in a Machine Policy?Infrastructure SettingsLogging SettingsExternal Logging Settings

External Logging Settings

Settings in the Infrastructure > Logging > External Logging  subfolder enable CA DataMinder to copy log entries to the local Windows Application log and to Syslog servers.

Windows Event Log

This subfolder contains Log Detail settings for each infrastructure-maintained log file:

<Type> Log Detail

Each of these settings specifies which messages are copied to the Windows log and overrides the default log level. In each case, you can choose 'None', 'Errors Only', or 'Errors and Warnings'. You can also choose:

'Use Default' to use the default log level defined by the Write to Windows Event Log setting.

'All Messages'. Any message written to the CA DataMinder log is also copied to the Windows log.

Syslog n

There are three Syslog subfolders, allowing you to specify up to three different Syslog servers.  Each subfolder contains:

<Type> Log Detail

Each of these settings specifies which messages are copied to the Syslog server and overrides the default log level. In each case, you can choose 'None', 'Errors Only', or 'Errors and Warnings'. You can also choose:

  • 'Use Default' to use the default log level defined by the Write to Syslog Server setting.
  • 'All Messages'. Any message written to the CA DataMinder log is also copied to the Syslog server.
Server Name

Specifies the IP address or fully qualified domain name of the Syslog server.

Server Port

Specifies the port number that the Syslog listens on. By default, Syslog servers use port 514.

Maximum Message Length

Specifies the maximum length (in characters) for log messages copied to a Syslog server.

Client Port

Specifies the port(s) that CA DataMinder uses to send log messages to Syslog server. If required, you can specify a range of consecutive port numbers (such as 510—515) or a comma-separated list of port numbers and ranges (such as 501,505,510—515).

Syslog Protocol

Specifies the format for data transfers to the Syslog server. Choose either:

  • 'IETF RFC 3164'. All Syslog servers support this protocol.
  • 'IETF Syslog Internet Draft Document'. This is specifies an extension to the RFC 3164 protocol.

We recommend that you choose the RFC 3164 protocol unless you are certain that your Syslog server supports the extension published in the Internet Draft Document.

Message Format:

Choose either:

  • 'Common Event Format'. Choose this option if your Syslog server supports CEF. For example, ArcSight uses CEF. If you do choose CEF, some further policy configuration is needed.
  • 'Unformatted Data'. If your Syslog server does not support CEF, choose this option.
Common Event Format Configuration

Each Syslog n policy folder (see above) contains a Common Event Format Configuration subfolder. If you specify 'Common Event Format' as the Message Format (see above), settings in this subfolder let you change the severity values assigned by CA DataMinder to CEF messages.

Error Messages Severity Value

Defaults to 8. This severity value is assigned to error messages and high severity events when sent to Syslog servers as CEF messages.

Warning Messages Severity Value

Defaults to 5. This severity value is assigned to warning messages and medium severity events when sent to Syslog servers as CEF messages.

Information Messages Severity Value

Defaults to 1. This severity value is assigned to Information messages and low severity events when sent to Syslog servers as CEF messages.

Note: CEF messages must include an event severity value between 0 and 10.

More information:

Logging Settings