Adaxes Web Interface Help
Syslog is a protocol for collecting messages from a multitude of devices and services in your network environment. Typically, using the Syslog protocol requires a centralized Syslog server that receives and collects messages from Syslog-enabled clients. Having such a central logging facility is extremely useful for reporting, troubleshooting and incident management. Using various monitoring, audit and SIEM (Security Information and Event Management) solutions, you can correlate events that come from various systems to have an overall view of the events occurring in your environment.
You can configure Adaxes to send logging information to an external Syslog server. Each message sent to a Syslog server contains a description of an operation performed via Adaxes, its result, and also who performed it, when, and from which host. Messages are sent both for operations on Active Directory objects, such as a user or group, and for operations performed on Adaxes configuration objects, such as a Business Rule or a Property Pattern.
Adaxes implements the BSD Syslog Protocol as defined in RFC 3164. Note that an RFC 3164 timestamp carries neither a year nor a time zone, so the receiving Syslog server or SIEM has to supply both when it normalizes Adaxes events.
Examples of Syslog messages sent by Adaxes:
User Garrett Wilson successfully disabled user Emily Jones:
<14>Feb 17 17:54:31 SERVER1 Garrett Wilson (gwilson@example.com)|Modify 'Emily Jones (example.com\Offices\London)': disable the account|Success
User William Robertson tried to modify the e-mail address of a group, but entered a value that is not allowed by a Property Pattern:
<11>Mar 03 15:07:06 SERVER1 William Robertson (wrobertson@example.com)|Modify 'All Sales Staff (example.com\Users)': set 'Email' to 'allsalesexample.com'|The new value of the 'Email' property doesn't match the regular expression applied to this property. The format of the specified e-mail address is invalid. Please specify a valid e-mail.
User Susan Miller approved an Approval Request:
<14>Aug 02 05:38:23 SERVER1 Susan Miller (smiller@example.com)|Approve operation: 'Modify 'Richard Jones (example.com\Offices\New York)': set Description to 'Paternity Leave''.|Success
Adaxes sends Syslog messages over UDP. UDP provides no acknowledgement, so Adaxes cannot tell whether the Syslog server received a message, and a message lost in transit leaves no trace at the sender. For this reason, monitor the availability of the Syslog server and of the network path to it so that messages are not silently lost. Bear in mind also that UDP Syslog is neither encrypted nor authenticated: the message contents (account names, object paths and attribute values such as the Description set in the example above) can be read by anyone who can observe the traffic, and a receiver cannot verify that a message really came from the Adaxes service host. Keep the path between Adaxes and the collector on a trusted network segment, or relay the messages through a local forwarder that delivers them over a reliable, encrypted transport.
If Adaxes fails to send a message to the Syslog server, a record with a detailed error description is added to the Service Event Log.
As defined by RFC 3164, a Syslog message starts with the PRI part, which carries the Priority of the message enclosed in angle brackets. The Priority is calculated as Facility Code × 8 + Severity Level. By default, the Facility Code of messages sent by Adaxes is 1 (user-level messages).
You can change the Facility Code of Adaxes Syslog messages.
The Severity Level of messages sent by Adaxes depends on the result of the operation a message represents. If an operation completed successfully, completed with warnings, or was suspended (for example, sent for approval), the Severity Level is 6 (Informational). If an operation failed, the Severity Level is 3 (Error).
You can set a single Severity Level that will be used for all messages sent by Adaxes, no matter whether an operation failed or succeeded. Doing so removes the only machine-readable success/failure indicator in the message: a SIEM rule that keys on Severity 3 to catch failed operations will no longer fire and would have to inspect the Result part of the message instead.
Thus, if the Facility Code and the Severity Level of Syslog messages are set to their default values, the Priority value is 14 (1 × 8 + 6) for operations that were completed or suspended and 11 (1 × 8 + 3) for failed operations.
By default, Adaxes does not limit the size of messages sent to a Syslog server. However, RFC 3164 caps the whole packet at 1024 bytes, and some servers enforce that limit, or a limit of their own, by rejecting or truncating longer messages. If messages are missing or arrive cut off at the end (which, in the layout shown above, is where the Result part lives), limit the size of messages sent by Adaxes to a value the receiving server accepts.
A Syslog message can contain an optional TAG part that can be used to label messages sent by a specific application. By default, Adaxes does not tag its Syslog messages. Note that a receiver which parses the RFC 3164 TAG field (the run of alphanumeric characters at the start of the MSG part, terminated by the first non-alphanumeric character) will then take the first word of the initiator's name, Garrett in the first example above, as the application name. You can tag messages sent by Adaxes, which makes them easier to identify and filter on the collector.
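Below is an added example that is not part of Adaxes or this help page: a small Python parser for the message layout shown in the examples above (PRI, timestamp, host, then Initiator|Operation|Result), the Priority arithmetic from the section on Facility Code and Severity Level, a filter that picks out failed operations, and a helper showing what an RFC 3164 receiver takes as the TAG of an untagged message. The three sample lines are the page's own examples, embedded as constructed input. The rule for splitting on the '|' separators and the `failed` property (which assumes the default Severity Levels) are this example's own assumptions, not documented Adaxes behaviour.

```python
"""Parser and failed-operation filter for Adaxes Syslog messages.

Added example, not part of Adaxes or its documentation. Assumes the RFC 3164
layout shown on the help page: "<PRI>Mmm dd hh:mm:ss HOST Initiator|Operation|Result".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SEVERITY_NAMES = {0: "Emergency", 1: "Alert", 2: "Critical", 3: "Error",
                  4: "Warning", 5: "Notice", 6: "Informational", 7: "Debug"}

# RFC 3164 header: PRI "<n>", TIMESTAMP "Mmm dd hh:mm:ss" (no year, no zone),
# HOSTNAME, then everything else is the MSG part.
_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ 0-3]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample input: the three examples from the help page (raw strings
# keep the backslashes in the AD container paths intact).
SAMPLE_LINES = [
    r"<14>Feb 17 17:54:31 SERVER1 Garrett Wilson (gwilson@example.com)|Modify 'Emily Jones (example.com\Offices\London)': disable the account|Success",
    r"<11>Mar 03 15:07:06 SERVER1 William Robertson (wrobertson@example.com)|Modify 'All Sales Staff (example.com\Users)': set 'Email' to 'allsalesexample.com'|The new value of the 'Email' property doesn't match the regular expression applied to this property. The format of the specified e-mail address is invalid. Please specify a valid e-mail.",
    r"<14>Aug 02 05:38:23 SERVER1 Susan Miller (smiller@example.com)|Approve operation: 'Modify 'Richard Jones (example.com\Offices\New York)': set Description to 'Paternity Leave''.|Success",
]


def priority(facility: int, severity: int) -> int:
    """PRI value as defined by RFC 3164: facility * 8 + severity."""
    if not 0 <= facility <= 23:
        raise ValueError(f"facility out of range: {facility}")
    if not 0 <= severity <= 7:
        raise ValueError(f"severity out of range: {severity}")
    return facility * 8 + severity


def split_priority(pri: int) -> Tuple[int, int]:
    """Inverse of priority(): returns (facility, severity)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return divmod(pri, 8)


@dataclass
class AdaxesEvent:
    facility: int
    severity: int
    timestamp: str   # as sent; the receiver must supply year and time zone
    host: str
    initiator: str   # "Display Name (upn@domain)" in the page's examples
    operation: str
    result: str

    @property
    def failed(self) -> bool:
        # Assumes the default mapping described on the page: failed -> 3,
        # success/warning/suspended -> 6. With a single fixed Severity Level
        # configured in Adaxes this signal is lost; only the result text remains.
        return self.severity == 3


def parse_line(line: str) -> AdaxesEvent:
    m = _HEADER.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 message: {line[:40]!r}")
    facility, severity = split_priority(int(m["pri"]))
    msg = m["msg"]
    # Assumption: split on the first and the last '|' only, so that a '|' inside
    # an attribute value in the Operation part does not break parsing. A '|'
    # inside the Result text would still be ambiguous.
    if msg.count("|") < 2:
        raise ValueError("expected Initiator|Operation|Result in MSG part")
    initiator, rest = msg.split("|", 1)
    operation, result = rest.rsplit("|", 1)
    return AdaxesEvent(facility, severity, m["ts"], m["host"],
                       initiator.strip(), operation.strip(), result.strip())


def rfc3164_tag(line: str) -> Optional[str]:
    """What an RFC 3164 receiver takes as the TAG (application name): the run
    of alphanumerics opening the MSG part, at most 32 characters. For untagged
    Adaxes messages this is the first word of the initiator's display name."""
    m = _HEADER.match(line)
    if not m:
        return None
    t = re.match(r"[A-Za-z0-9]{1,32}", m["msg"])
    return t.group(0) if t else None


def failed_operations(lines: List[str]) -> List[AdaxesEvent]:
    """Detection helper: events whose Severity Level marks the operation as failed."""
    return [ev for ev in map(parse_line, lines) if ev.failed]


if __name__ == "__main__":
    for ev in map(parse_line, SAMPLE_LINES):
        print(f"{SEVERITY_NAMES[ev.severity]:<13} {ev.initiator:<45} {ev.operation}")
    print("failed:", [ev.initiator for ev in failed_operations(SAMPLE_LINES)])
    print("parsed as TAG:", rfc3164_tag(SAMPLE_LINES[0]))
```

Run against the three sample lines, the filter flags only William Robertson's rejected e-mail change (Priority 11, Severity 3), and `rfc3164_tag` returns "Garrett" for the first line, which is what a collector keyed on the TAG field would file the event under unless a tag is configured in Adaxes.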