Message Logging Policy

The Message Logging policy lets you send syslog messages to third-party log management services, such as Splunk, Sumo Logic, and Loggly.

If you want to send syslog to one of those services, follow the service documentation of the concerned service to obtain the host, port, and protocol, then set the Syslog element on this policy accordingly.

You can attach this policy in the following locations:

An example payload for the policy is as follows:

<MessageLogging async="false" continueOnError="false" enabled="true" xmlns=''>
                              <Message> = {}</Message>
               <!-- This is default port value -->

Elements and Attributes


Syslog destination

To send syslog to Splunk, Sumo Logic, or Loggly,


Build the message to be sent to the syslog, combining text with variables to capture the information you want.


The hostname or IP address of the server where the syslog should be sent. If the element is not specified, the default is localhost.


Port where the syslog is running. If you don't include this element, the default is 514.


TCP or UDP (default). While UDP is more performant, the TCP protocol guarantees message log delivery to the syslog server. For sending syslog messages over TLS/SSL, only TCP is supported.


true or false

Optional, but <FormatMessage>true</FormatMessage> is required for use with Loggly.

This element lets you control the format of generated content prepended to the message. If set to true, the syslog message is prepended by a fixed number of characters, which lets you filter out that information from messages.