Syslog server integration

The Automation Anywhere Control Room supports forwarding tenants' audit log entries in Syslog format to any Syslog server.

Important: The options to specify or modify the Syslog configurations are available only for the On-Premises deployment.

By pushing syslog data to a Syslog server, you can integrate with and leverage the advanced searching and reporting features of Syslog server solutions. When configured, the Control Room audit logs are forwarded over both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). You can use any syslog server. The following syslog servers are tested and certified by Automation Anywhere:
  • Kiwi Syslog Server
  • Splunk

Syslog server integration with Automation 360

You can configure a Kiwi Syslog Server or a Splunk server that accepts data from a Control Room instance's syslog through a TCP or UDP port. The following example illustrates sending the Syslog data to Kiwi Syslog server through TCP or UDP ports.

Configure Kiwi Syslog Server

SolarWinds Kiwi Syslog Server is a widely used commercial Syslog server. Kiwi Syslog Server Free Edition can monitor Syslog for up to five devices. Download Kiwi Syslog Server Free Edition from the following link: Kiwi Syslog Server Free Edition. After installation, perform the following steps to configure the Kiwi Syslog Server:

  1. Navigate to File > Setup > Inputs.
  2. To forward the logs through UDP, click UDP.
    Figure: Kiwi Syslog UDP setup
  3. Enter the UDP port and the IP to which you want to forward the logs.
  4. To forward the logs through TCP, click TCP.
    Figure: Kiwi Syslog TCP setup
  5. Enter the TCP port and the IP to which you want to forward the logs.

Configure Control Room to send Syslog on UDP or TCP

To configure the Control Room to send Syslog on UDP or TCP, perform the following steps:

Note: To perform the task, you must have a Control Room administrator account with the required rights and permissions.

  1. Navigate to Administration > Settings > Network settings.
    Figure: Navigate to Syslog in CR
  2. To add more Syslog servers, click the plus (+) sign.
  3. Enter the Syslog server information.
    Option: Action
      • Syslog server hostname: Fully qualified domain name (FQDN) or the IP address of the Syslog server to deliver the log reports.
      • Port: Port that the remote Syslog server uses to receive incoming Syslog records (for example, port 514).
      • Protocol: TCP or UDP.
      • Use Secure Connection: Use a TLS encrypted channel to send Syslog records to the remote server. This option is available for TCP only.
    1. To forward the logs to a UDP port, enter the UDP settings (IP and port) and select UDP from the Protocol drop-down.
      Note: For information about specific settings, see the Kiwi Syslog Server documentation.

      Figure: Configure Syslog settings in Control Room
    2. To forward the logs to a TCP port, enter the TCP settings (IP and port) and select TCP from the Protocol drop-down.
  4. Click Save changes.

Verifying data in the Syslog Server

Reception of logs is verified in the Syslog Server. Perform the following steps to verify the data in Syslog Server:

  1. Generate a Syslog event by logging in or logging out of the Control Room.
  2. Verify the logs in the Kiwi Syslog Server.
    Figure: Control Room Syslogs in Kiwi Syslog Server

If you have configured Splunk as your Syslog server, you will observe the syslog messages in Splunk.

Figure: Control Room Syslogs in Splunk
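
To check both transports from the verification steps above without Kiwi or Splunk, a small stand-in receiver can listen on UDP and TCP and decode each record's priority field. This is an added example, not Automation Anywhere code: the function names and port 5514 are hypothetical, TCP records are assumed to be newline-delimited, and the listener is plaintext, so it applies only with Use Secure Connection turned off.

```python
import re
import select
import socket

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_syslog(raw, transport):
    """Decode the leading <PRI> field: PRI = facility * 8 + severity, maximum 191."""
    text = raw.decode("utf-8", errors="replace").strip()
    m = PRI_RE.match(text)
    if not m or int(m.group(1)) > 191:
        return {"transport": transport, "valid": False, "message": text}
    facility, severity = divmod(int(m.group(1)), 8)
    return {"transport": transport, "valid": True, "facility": facility,
            "severity": SEVERITIES[severity], "message": m.group(2)}

def open_listeners(host="127.0.0.1", port=0):
    """Bind one UDP and one TCP socket; port 0 lets the OS pick (local testing only)."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, port))
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.bind((host, port))
    tcp.listen(5)
    return udp, tcp

def drain(udp, tcp, idle=1.0):
    """Return every record received until both listeners stay quiet for `idle` seconds."""
    records, conns = [], {}
    while True:
        ready, _, _ = select.select([udp, tcp, *conns], [], [], idle)
        if not ready:
            for conn in conns:
                conn.close()
            return records
        for sock in ready:
            if sock is udp:  # one datagram is one record
                records.append(parse_syslog(udp.recvfrom(65535)[0], "udp"))
            elif sock is tcp:
                conns[tcp.accept()[0]] = b""
            else:  # TCP stream: records assumed newline-delimited
                chunk = sock.recv(4096)
                *lines, conns[sock] = (conns[sock] + chunk).split(b"\n")
                if not chunk:  # sender closed; flush an unterminated last record
                    lines.append(conns.pop(sock))
                    sock.close()
                records += [parse_syslog(l, "tcp") for l in lines if l.strip()]

if __name__ == "__main__":  # constructed port 5514; prints after 30 s of silence
    print(*drain(*open_listeners("0.0.0.0", 5514), idle=30.0), sep="\n")
```

Add the receiver's address once per protocol in Network settings, then log in to or out of the Control Room; a record arriving on only one transport points to a firewall or protocol mismatch rather than a Control Room fault.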