Message Logging Policy

The Message Logging policy lets you send syslog messages to third-party log management services, such as Splunk, Sumo Logic, and Loggly.

If you want to send syslog to one of those services, follow the service documentation of the concerned service to obtain the host, port, and protocol, then set the <Syslog> element on this policy accordingly.

You can attach this policy in the following locations:

An example payload for the policy is as follows:

<MessageLogging async="false" continueOnError="false" enabled="true" xmlns=''>
		<Message> = {}</Message>
    	<!-- Host must be valid DNS/IP -->
    	<!-- <Host></Host> -->
    	<!-- This is default port value -->

Elements and Attributes


Syslog destination

To send syslog to Splunk, Sumo Logic, or Loggly,


Build the message to be sent to the syslog, combining text with variables to capture the information you want.


The hostname or IP address of the server where the syslog should be sent. If the element is not specified, the default is localhost.


Port where the syslog is running. If you don't include this element, the default is 514.


TCP or UDP (default). While UDP is more performant, the TCP protocol guarantees message log delivery to the syslog server. For sending syslog messages over TLS/SSL, only TCP is supported.


true or false

Optional, but <FormatMessage>true</FormatMessage> is required for use with Loggly.

This element lets you control the format of generated content prepended to the message. If set to true, the syslog message is prepended by a fixed number of characters, which lets you filter out that information from messages.


If you don't include this element or leave it empty, the default value is false.

Lets you log messages through SSL/TLS. Use with sub elements
  • Enabled: Indicates whether TLS/SSL is enabled for the endpoint. The default value is false.
  • ClientAuthEnabled: Outbound client authentication (2-way TLS/SSL)
  • Keystore: A keystore containing private keys used for outbound client authentication
  • KeyAlias: The key alias of the private key used for outbound client authentication
  • TrustStore: A keystore containing trusted server certificates.
  • Ciphers: Supported ciphers for outbound TLS/SSL.To restrict ciphers, add the following elements listing the supported ciphers:
  • Protocols: Supported protocols for outbound TLS/SSL.To restrict protocols, add the following elements listing the supported protocols: