Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Use Syslog with the Logging Client

If you choose Send as Syslog on the Logging Client Configuration page, your log files will be sent to Syslog server. For more information on disk requirements for Syslog, see Logging Client System Requirements. The below workflow explains how data is sent from Logging Client to Syslog server through a temporary file storage:

  • When sending logs via Syslog, a temporary file storage called pending-events, is created and the files are temporarily pushed to the pending-events folder. You can find the temporary storage in the below path:
C:\Users\<username>\AppData\Roaming\logging-client\pending-events
  • The service assures that all data is pulled successfully on each scheduled interval or pull. If a data pull fails, the Logging Client captures the error in the error log. You can find the error log in the below path:
C:\Users\<user name>\AppData\Local\logging_client\app-<version number>\logs
  • Logging data is carried out in a queued approach, where files are taken on a first-come, first-served basis. After logging the data completely from the file, the file is removed from the temporary file storage. The files are removed from the below path:
C:\Users\<user name>\AppData\Roaming\logging-client\pending-events
  • Configuration files that store the timestamp and queuing information have been moved to SQLite. The name of the database file is configuration.db. You can find the database file in the below path:
C:\Users\<user name>\AppData\Local\logging_client\app-<version number>

 

 

 

 

 

 

IMPORTANT: Do not use the db file while logging is in process.

 

 

NOTE: There is an expected lag between pulling data from the server and logging, especially if it happens via TCP.

  • Was this article helpful?