
UDP Multiline Syslog Log Source Parameters for Open LDAP

 

If JSA does not automatically detect the log source, add an Open LDAP log source on the JSA Console by using the UDP Multiline Syslog protocol.

When using the UDP Multiline Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect UDP Multiline Syslog events from Open LDAP:

Table 1: UDP Multiline Syslog log source parameters for the Open LDAP DSM

Parameter: Log Source type
Value: Open LDAP Software

Parameter: Protocol Configuration
Value: UDP Multiline Syslog

Parameter: Log Source Identifier
Value: Type the IP address or host name for the log source as an identifier for events from your Open LDAP server.

Parameter: Listen Port
Value: Type the port number that is used by JSA to accept incoming UDP Multiline Syslog events. The valid port range is 1 - 65536.

The default UDP Multiline Syslog listen port is 517.

If you do not see the Listen Port field, you must restart Tomcat on JSA.

To edit the Listen Port number:

1. Update IPtables on your JSA console or Event Collector with the new UDP Multiline Syslog port number. For more information, see Configuring IPtables for Multiline UDP Syslog Events.
2. In the Listen Port field, type the new port number for receiving UDP Multiline Syslog events.
3. Click Save.
4. On the Admin tab, select Advanced > Deploy Full Configuration.

When you click Deploy Full Configuration, JSA restarts all services, resulting in a gap in data collection for events and flows until the deployment completes.

The port update is complete and event collection starts on the new port number.

Parameter: Message ID Pattern
Value: Type the regular expression (regex) that is needed to filter the event payload messages. All matching events are included when processing Open LDAP events.

The following regular expression is suggested for Open LDAP events:

conn=(\d+)

For example, Open LDAP starts connection messages with the word conn, followed by the rest of the event payload. Use of this parameter requires knowledge of regular expressions (regex). For more information, see the following website: http://download.oracle.com/javase/tutorial/essential/regex/
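The following sketch is an added example, not code from JSA or from this page: it applies the suggested pattern to constructed slapd syslog lines so you can see which lines match and which connection ID each one captures before you deploy the log source. Assumptions: lines that share a captured ID are treated as one event, and the names `group_by_message_id` and `combine`, the sample lines, and the space separator are hypothetical and illustrative only.

```python
import re

# Pattern suggested on this page for Open LDAP events.
MESSAGE_ID_PATTERN = re.compile(r"conn=(\d+)")

# Constructed slapd syslog lines (sample data, not from a real server).
# Two connections are interleaved, as they are on a busy directory server.
SAMPLE_LINES = [
    "<167>Jan 10 10:00:01 ldap01 slapd[1234]: conn=1001 fd=14 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)",
    "<167>Jan 10 10:00:01 ldap01 slapd[1234]: conn=1002 fd=15 ACCEPT from IP=192.0.2.11:40022 (IP=0.0.0.0:389)",
    '<167>Jan 10 10:00:01 ldap01 slapd[1234]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128',
    "<167>Jan 10 10:00:01 ldap01 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=49 text=",
    "<167>Jan 10 10:00:02 ldap01 slapd[1234]: daemon: shutdown requested and initiated.",
    '<167>Jan 10 10:00:02 ldap01 slapd[1234]: conn=1002 op=0 BIND dn="" method=128',
    "<167>Jan 10 10:00:02 ldap01 slapd[1234]: conn=1001 fd=14 closed",
]


def group_by_message_id(lines, pattern=MESSAGE_ID_PATTERN):
    """Group lines by the ID the pattern captures; return (events, unmatched)."""
    events, unmatched = {}, []
    for line in lines:
        match = pattern.search(line)
        if match is None:
            unmatched.append(line)  # no conn= token, so the pattern does not apply
        else:
            events.setdefault(match.group(1), []).append(line)
    return events, unmatched


def combine(lines):
    """Join one connection's lines into a single-line payload.

    Assumption: the syslog header is dropped and a space is used as the
    separator purely for readability in this example.
    """
    return " ".join(line.split("]: ", 1)[-1] for line in lines)


if __name__ == "__main__":
    events, unmatched = group_by_message_id(SAMPLE_LINES)
    for conn_id, conn_lines in events.items():
        print(f"conn={conn_id} ({len(conn_lines)} lines): {combine(conn_lines)}")
    print(f"{len(unmatched)} line(s) did not match the pattern")
```

In the sample, the BIND DN and the `err=49` (invalid credentials) result for connection 1001 arrive on separate lines; only the shared `conn=` value ties the failed bind to the account and source address.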