Book Demo!

˂ Return to FAQ

New Xton Documentation Center
Xton help has moved. Please visit the current version of this page for the most recent updates. Our new documentation center can be found at

Many companies choose to centralize security and network logging to a single Syslog server or appliance to reduce the burden of log collection, investigation and reporting across many devices. While XTAM does include its own logging engine that captures and stores events, it can also be configured to output this information to your centralized syslog server.

To output XTAM audit log events to your syslog server, please perform the following steps.

You can now configure Syslog integration by simply navigating to Administration > Settings > Syslog within the XTAM interface.

To understand what types of events are logged by level, please read this article.


On the host where XTAM is installed, open the file {XTAM_HOME}\web\conf\ in a text editor.


Modify the second line of this file
from this: log4j.rootLogger=INFO, file, stdout
to this: log4j.rootLogger=INFO, file, stdout, SYSLOG


At the end of the file, copy and paste the following lines of code:

# Syslog Messages
log4j.appender.SYSLOG.syslogHost={add your Syslog Host name or IP address here}
log4j.appender.SYSLOG.layout.conversionPattern=XTAM [%p] %c{3.}:%L - %m%n

Modify the log4j.appender.SYSLOG.syslogHost= line above to add your Syslog host name or IP address.
If you wish to use a non-standard port, then simply add your custom port number to the end of your Syslog name or IP address. :port


When finished, Save and close this file.


The syslog output is delivered over the UDP port by default, so if necessary ensure that port 514 is open.


Restart the service PamManagement (Windows) or pammanager (Linux).

Once the service has completed the restart process, your Syslog server or appliance should immediately begin receiving audit log events from XTAM.


Copyright © 2020 Xton Technologies, LLC. All rights reserved.