You can see the current console logs of the syslog writer container by using the logs command in a Quickstart terminal:
sudo docker logs -f systog-writer
All execution logs are saved in cisp_syslog_writer/data/logs/ folder on the host machine.
If there was a failure during the initial interactive configuration, or if you wish to rerun or configure the Syslog Writer with a fresh account:
Delete the earlier container:
sudo docker rm -f syslog-writer
Remove the local conf file in the cisp_syslog_writer/data folder:
sudo rm data/config.ini
Run the container again using same run command from the cisp_syslog_writer folder:
sudo docker run --name syslog-writer -it --log-driver json-file --log-opt max-size=10m --net=host -v `pwd`/data:/home/centrify-syslog-writer/data syslogwriter_image
Use below command to start the container/syslog writer, if the container stops (due to the Docker daemon or machine restart, etc.)
sudo docker start syslog-writer
When syslog writer is restarted, it will start to fetch events beyond the last event fetch date, which is internally saved on the host machine, during previous run.
To stop the container/Syslog Writer:
sudo docker stop syslog-writer
rollback (in hours, default value: 24)
Only applies when syslog writer is started for first time. It is the number of hours before the current time for the syslog writer to start fetching events. By default, it will fetch for 24 hours (one day) before the current time in the UTC). If required, you can configure this in config.ini by creating a copy from the config.ini.default file, before firing the Docker run command.
batch_size (in minutes, default value: 10)
The number of minutes to fetch data for when the time range is large. By default, it fetches data in batches of 10 minutes. When there is a larger time range such as 24 hours for the first time run, it fetches data in batches of 10-minute sizes.
frequency (in minutes, default value: 5)
The frequency (in minutes) for running the Syslog Writer application. By default, it runs every five minutes. During runtime, a change to this parameter will be reflected after the pending job run is triggered.
debug (under APP_LOGGER. This feature is disabled by default)
This is for enabling debug level logs. In case of a problem with the behavior of syslog writer, please set the value of this property to yes (debug = yes) and reproduce the problem. You can then share an archive of the data/logs folder with Centrify support for troubleshooting.