SSPR Auditing when syslog server is unavailable

  • 7018826
  • 21-Apr-2017
  • 21-Apr-2017

Environment

Self Service Password Reset
SSPR 4.x

Situation

What happens to audit events if the syslog server is not available?
Will SSPR audit events be lost if the syslog server is down?

Resolution

If SSPR Auditing is configured to go to a syslog server (and not using  UDP), and if that syslog server is not available, SSPR will store audit events in its local database and send them to the syslog server when it becomes available again.  
 
If the SSPR syslog configuration is configured over tcp or ssl, the SSPR server will queue messages while the syslog server is unreachable. If syslog is configured via udp (not common) undelivered messages will be discarded.
 
If the syslog server is down it will show as such in the SSPR health report.  Also, the current count and age of queued syslog events will show in the administration -> dashboard -> localdb screen.  
 
If the server is unreachable SSPR will retry the connection every 30 seconds.  Queued events will be stored up to a day or 100,000 records.