ONTAP Discussions

Syslog

ploufg
5,210 Views

Hi

it is possible that this post discussion have allready being posted

Sorry, if it is

my question is, how can i send my log (syslog, and audit log) to a syslog server

ty

2 REPLIES 2

reide
5,210 Views

ploufg,

Syslog in ONTAP is the same as in UNIX or Linux. For a given facility or severity, you can specify a loghost rather than a log file. syslogd will then attempt to forward the logs to the specified loghost over the network. Assuming the loghost is configured to recieve log messages, it will then write them to its own log files.

Refer the syslogd man page for more information on how to use the logost option.

jeremypage
5,210 Views

The configuration is a little ugly but works similar to most Unix based systems but, assuming "logs" resolves to the IP address of your log server you need to add a line to /vol/vol0/etc/syslog.conf containing the following:

*.*    @logs

This will messages from any source on the filer with any severity to the host logs via UDP. You can also get fancier and do stuff like

*.*  *.debug@logs

which will send all of the filer's log entries to the log server with the debug priority.

Make sure you can resolve "logs" from the filer. It will accept FQDNs or (I think) IP addresses as well.

Please note that UDP does not provide reliable delivery so if the filer is having issues they may not show up in the logs on your log server and the filer won't tell you.

Public