Using a syslog server

The Management Node acts as a syslog server, collating the logs from itself and each Conferencing Node to produce the Pexip Infinity support log. The support log includes the administrator log.

However, you can also use a remote syslog server to collect copies of each system's logs. The advantage of this is that, should the Management Node become unavailable, logging would still continue on the syslog server.

When a remote syslog server is used, the Management Node and each of the Conferencing Nodes sends its logs directly to the assigned syslog server using the syslog protocol. The Management Node will still continue to collate logs from all the nodes, and it is these unified logs that are shown from the Pexip Infinity Administrator interface. Note that the Management Node does not send the unified logs to the syslog server — it only sends its own logs.

The Management Node shows the support log only. If you elect to use a remote syslog server, you can choose to send it audit logs and web server logs in addition to, or instead of, the support log.

You can configure more than one remote syslog server, for example if you want to send different combinations of the support, audit and web server logs to different servers. If more than one syslog server is configured, logs will be sent to each of them.

To add, edit or delete the remote syslog servers used by Pexip Infinity, go to System > Syslog servers.

The syslog servers you configure here are used automatically by the Management Node. For a Conferencing Node to use a syslog server you must assign the required syslog servers to the system locations used by those Conferencing Nodes.

The available options are:

Option Description
Description An optional description of the syslog server.
Address The IP address or FQDN of the remote syslog server.

The port on the remote syslog server.

Default: 514.


The IP transport protocol used to communicate with the remote syslog server.

Default: UDP.

Support log Enables sending of support and administrator log entries to this syslog server.
Audit log Enables sending of Linux audit log entries to this syslog server. Some security-related certifications may require this log to be recorded.
Web server log Enables sending of web server log entries to this syslog server. This is a log of all HTTPS requests to the Management Node and Conferencing Nodes.

After configuring the syslog servers available to your system, you should now assign which of those syslog servers to use in each location (Platform > Locations). Each Conferencing Node in that location will then use those syslog servers. If you do not assign any syslog servers to a location then there will be no remote logging for any of the nodes in those locations.

The following table shows the facility code used for each log type:

Facility code Log type
local0 Admin log
local2 Support log
local6 Audit log
local7 Web server log

Web server logs are provided in the nginx web server format (Module ngx_http_log_module) with the following fields:

$remote_addr - $remote_user [$time_local] "$request" $pid $status $body_bytes_sent $request_time "$http_referer" "$http_user_agent"

Field Module
remote_addr ngx_http_core_module
remote_user ngx_http_core_module
time_local ngx_http_log_module
request ngx_http_core_module
pid ngx_http_core_module
status ngx_http_log_module
body_bytes_sent ngx_http_core_module
request_time ngx_http_log_module
http_referer/http_user_agent The values of the Referer/User-Agent headers as sent by the client