Many companies choose to centralize security and network logging to a single Syslog server or appliance to reduce the burden of log collection, investigation and reporting across many devices. While XTAM does include its own logging engine that captures and stores events, it can also be configured to output this information to your centralized syslog server.


To output XTAM audit log events to your syslog server, please perform the following steps.


You can now configure Syslog integration by simply navigating to Administration > Settings > Syslog within the XTAM interface.


To understand what types of events are logged by level, please read this article.

  1. On the host where XTAM is installed, open the file {XTAM_HOME}\web\conf\ in a text editor.
  2. Modify the second line of this file

    from this: log4j.rootLogger=INFO, file, stdout

    to this: log4j.rootLogger=INFO, file, stdout, SYSLOG

  3. At the end of the file, copy and paste the following lines of code:
  4. Copy
    # Syslog Messages
    log4j.appender.SYSLOG.syslogHost={add your Syslog Host name or IP address here}
    log4j.appender.SYSLOG.layout.conversionPattern=XTAM [%p] %c{3.}:%L - %m%n

  5. Modify the log4j.appender.SYSLOG.syslogHost= line above to add your Syslog host name or IP address.If you wish to use a non-standard port, then simply add your custom port number to the end of your Syslog name or IP address. :port.
  6. When finished, Save and close this file.
  7. The syslog output is delivered over the UDP port by default, so if necessary ensure that port 514 is open.
  8. Restart the service PamManagement (Windows) or pammanager (Linux).

Once the service has completed the restart process, your Syslog server or appliance should immediately begin receiving audit log events from XTAM.