7018826: SSPR Auditing when syslog server is unavailable

This document (7018826) is provided subject to the disclaimer at the end of this document.


Self Service Password Reset
SSPR 4.x


What happens to audit events if the syslog server is not available?
Will SSPR audit events be lost if the syslog server is down?


If SSPR Auditing is configured to go to a syslog server (and not using UDP), and if that syslog server is not available, SSPR will store audit events in its local database and send them to the syslog server when it becomes available again.
If the SSPR syslog configuration is configured over tcp or ssl, the SSPR server will queue messages while the syslog server is unreachable. If syslog is configured via udp (not common) undelivered messages will be discarded.
If the syslog server is down it will show as such in the SSPR health report. Also, the current count and age of queued syslog events will show in the administration -> dashboard -> localdb screen.
If the server is unreachable SSPR will retry the connection every 30 seconds. Queued events will be stored up to a day or 100,000 records.


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


Leave a Reply