
Event Logging Domino running on Windows to Linux Syslog

Problem Definition

Recently a client of mine came to me with a request. He had opened a case with HCL Software about writing the Domino log to syslog. He wanted to do that but was not sure how to proceed. The reason he wanted this capability was ultimately to use SIEM software to find patterns or track events.

Introduction

HCL Domino is a fairly mature collaboration and email solution that provides a wide range of features. It already has a feature for publishing events either to syslog or, on Windows, to the Event Viewer.

How to configure logging in Domino to syslog - Linux Server

💡 For Linux it is fairly simple.

  1. You need your HCL Domino Server running on Linux.
  2. You need access to events4.nsf (the Monitoring Configuration database).
  3. Open events4.nsf and create a new event handler.
  4. Configure the event handler as required. See the Event Handler documentation from HCL Software.

[Screenshots: Event Handler 1, Event Handler 2, Event Handler 3]

  5. Once done, save and close.

  6. There are multiple ways to view the syslog on Linux. I used lnav, the Logfile Navigator.

[Screenshot: Syslog]

How to configure logging in Domino to Windows Event Viewer - Windows Server

For HCL Domino running on Windows, the same steps listed above will work, with the exception of Step 4: instead of Log to Unix System Log, select Log to Event Viewer.

[Screenshot: Logging to Windows Event Viewer]

The NotesEvent entries now start appearing in the Windows Event Viewer.

[Screenshot: Domino Events in Windows Event Viewer]

How do you redirect the Windows Event Viewer - Domino Events to Linux Syslog

The issue is how to redirect the NotesEvent entries appearing under Applications to the Linux syslog.

For this you can use a variety of tools. Essentially you need a log forwarder such as NXLog or GrayLog; in my case I used the SolarWinds Event Log Forwarder for Windows.

📝 Configure the SolarWinds Event Log Forwarder as follows:

  • Configure the Subscriptions as shown. [Screenshot: Subscriptions]

  • As you can see, we have filtered a few events. [Screenshot: Subscriptions Filter]

  • Make sure you log the forwarded events to the Kernel. [Screenshot: Log to Kernel]

  • Select the Linux server that is running syslog and define the port and the IP address. [Screenshots: Add the Syslog Server, Syslog Server Details]

As the final step, check the lnav output on the Linux server. You can clearly see the details of the events from the HCL Domino Server running on Windows.

[Screenshots: Syslog Domino Server1, Syslog Domino Server2]
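To check on the Linux side that only the forwarded Domino events reach the SIEM filter, the sketch below decodes the syslog priority value and keeps NotesEvent lines from the Windows host that arrive on the kern facility. It is an added example, not part of the original post and not SolarWinds or HCL code. It assumes the forwarder emits RFC 3164 style lines and that its "Kernel" setting maps to syslog facility 0; the host name DOMWIN01 and all sample lines are constructed.

```python
import re

# Facility and severity names per RFC 3164; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host message  (day of month may be space padded)
LINE = re.compile(r"^<(?P<pri>\d{1,3})>"
                  r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
                  r"(?P<host>\S+) (?P<msg>.*)$")

def parse(line):
    """Return facility, severity, host and message, or None if malformed."""
    m = LINE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        return None
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m["host"], "msg": m["msg"]}

def domino_events(lines, windows_host):
    """Keep lines from the Windows host, on kern, that mention NotesEvent."""
    kept = []
    for line in lines:
        rec = parse(line)
        if (rec and rec["host"] == windows_host
                and rec["facility"] == "kern" and "NotesEvent" in rec["msg"]):
            kept.append(rec)
    return kept

# Constructed sample lines; the real forwarder output may be laid out differently.
SAMPLE = [
    "<4>Mar  3 10:15:02 DOMWIN01 NotesEvent: Router: unable to deliver mail",
    "<6>Mar  3 10:15:07 DOMWIN01 NotesEvent: database compaction finished",
    "<86>Mar  3 10:15:09 linuxlog01 sshd[812]: Accepted publickey for admin",
    "<14>Mar  3 10:15:11 DOMWIN01 OtherApp: unrelated application event",
    "not a syslog line",
]

if __name__ == "__main__":
    for rec in domino_events(SAMPLE, "DOMWIN01"):
        print(rec["severity"], rec["host"], rec["msg"])
```

Because the Linux kernel also logs on the kern facility, matching on the sending host as well as the facility keeps local kernel messages out of the Domino view.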

💥 This was my first attempt. Hope you liked it. Please provide your feedback at rsharma@cloudcollabdevtech.com. More updates coming...
