---
title: "Configuring the PingIntelligence Dashboard engine for <code class=\"codeph\">syslog</code>"
description: The PingIntelligence Dashboard engine supports sending attack information to a syslog server.
component: pingintelligence
version: 5.2
page_id: pingintelligence:pingintelligence_reference_guide:pingintelligence_configure_dashboard_engine_syslog
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_reference_guide/pingintelligence_configure_dashboard_engine_syslog.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  result: Result:
---

# Configuring the PingIntelligence Dashboard engine for `syslog`

The PingIntelligence Dashboard engine supports sending attack information to a `syslog` server.

## About this task

The PingIntelligence Dashboard ships with a `syslog.xml` and `attack_log.xml` file in the Dashboard `config` directory. The `config` file supports other formats available with Log4j including `.properties`, `.json`, or `.yml`.

The following is a snippet of the `syslog.xml` file.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="APIIntelligence" packages="">
  <Appenders>
    <!--<Syslog name="bsd" host="localhost" port="514" protocol="TCP"
      ignoreExceptions="false" immediateFlush="true" />-->
    <Syslog name="RFC5424"  host="localhost" port="614" protocol="TCP"
      format="RFC5424"  appName="APIIntelligence" mdcId="mdc"
      facility="LOCAL0" enterpriseNumber="18060" newLine="true"
      messageId="Audit" id="App" ignoreExceptions="false" immediateFlush="true"/>
  </Appenders>
  <Loggers>
     <Logger name="com.pingidentity.abs.publish" level="info" additivity="false">
      <AppenderRef ref="RFC5424"/>
    </Logger>
  </Loggers>
</Configuration>
```

## Steps

1. Enable `syslog` support by editing the `dashboard.properties` file.

   By default `syslog` is disabled. The Dashboard uses Log4j version 2.11.2 to publish attack data to `syslog`.

   The following is a snippet of `dashboard.properties` with `syslog` enabled.

   ```
   # Log4j2
   # publish attacks to Log4j2. Valid values true or false
   # By default it provides syslog support
    publish.log4j2.enable=true
   # log4j2 config file to log attacks to an external service. For example, Syslog
   # use com.pingidentity.abs.publish as logger name in log4j2 configuration
    log4j2.config=config/syslog.xml
   # log4j2 log level for attack logging
   log4j2.log.level=INFO
   # directory for any log4j2 config dependency jar's.
   # useful for third party log4j2 appenders
   # it should be a directory
   log4j2.dependencies.dir=plugins/
   ```

   ### Result:

   The attack data is published to a Log4j logger named `com.pingidentity.abs.publish`. The Log4j configuration file must have a logger named `com.pingidentity.abs.publish`. Any Log4j2 config file that wants to capture attack data from Dashboard must have at least one logger with name `com.pingidentity.abs.publish`.

2. Configure the server and port number of the `syslog` server in `config/syslog.xml` file.

   The following is a snippet of the `syslog.xml` file displaying the server and port number parameters:

   ```
    <!--  # Syslog RFC5424 format, TCP -->
       <Syslog name="TCP_RFC5424"
          host="localhost" port="614"
         appName="APIIntelligence"
         id="App"
         enterpriseNumber="18060"
         facility="LOCAL0"
         messageId="Audit"
         format="RFC5424"
         newLine="true"
         protocol="TCP"
         ignoreExceptions="false"
         mdcId="mdc" immediateFail="false" immediateFlush="true"
         connectTimeoutMillis="30000" reconnectionDelayMillis="5000"/>
   ```