Resolving issues with sending access log data
Several measures can be taken to resolve issues with sending access log data from Web Gateway to a syslog server.
- If access log data is not received on the syslog server, it might still be written to the var/log/messages partition on the disk of the Web Gateway appliance system.
Run the following command from a system console to verify that data is not written to disk:
tail -f /var/log/messages
- If access log data is not received on the syslog server, it might be due to restrictions that are, for example, imposed by a firewall. You can perform a tcpdump to see whether Web Gateway sends data packets to the syslog server at all.
Run the following command from a system console to see the data packets, for example, when they are sent to the syslog server under the UDP protocol:
tcpdump port 514
You should also review the rsyslog.conf system file to make sure that sending data to the syslog server is configured correctly.
- Web Gateway truncates a data packet that is sent to the syslog server by default if it has more than 2000 characters.
Add the following line to the rsyslog.conf system file to adjust the packet length:
$MaxMessageSize <maximum number of characters>