ONTAP Discussions
Hi,
I have something I don't understand.
Is the "syslog" transferred by Netapp TCP-TLS?
TR4304 "Logging in Clustered Data ONTAP" had the following words.
Is this correct in understanding that it is TCP-TLS?
"The standard is defined by the IETF in RFC5424."
Regards,
I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were neither a syslog server nor do they listen on UDP port 514. It simply forwards it over UDP 514. I don't know if this has changed, but this is an interesting question, and I don't usually dig into this topic much. But, out of curiosity, I started reading about it.
With ONTAP 9 onwards, you can send audit logs to a syslog server over TLS, but I don't think it mentions EMS event logs (which traditionally follow the syslog standards).
Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html
Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.
ONTAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server
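On the receiving side, the timestamp difference mentioned in the note above can be checked per message. The following is an added example, not part of the thread and not NetApp code: it classifies a received syslog line by header style (RFC 3164 `Mmm dd hh:mm:ss` versus RFC 5424 version field plus RFC 3339 timestamp) and decodes the priority. The host names and messages in the sample lines are constructed, not captured from a real system.

```python
import re

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP, timestamp is RFC 3339 or "-"
RFC5424 = re.compile(
    r"^<(\d{1,3})>([1-9]\d?) "
    r"(-|\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2})) "
)
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss, day is space-padded, no year or zone
RFC3164 = re.compile(
    r"^<(\d{1,3})>"
    r"((?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d{2}:\d{2}:\d{2}) "
)

def classify(line):
    """Return (format, facility, severity, timestamp) for one syslog line."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if m:
            pri = int(m.group(1))
            if pri > 191:  # maximum is facility 23 * 8 + severity 7
                break
            ts = m.group(3) if name == "rfc5424" else m.group(2)
            return name, pri >> 3, pri & 7, ts
    return "unknown", None, None, None

# Constructed sample lines (not captured from a real system)
SAMPLES = [
    "<13>Feb  5 17:32:18 cluster1-01 audit: constructed sample message",
    "<13>1 2024-02-05T17:32:18.003Z cluster1-01 audit - - - constructed sample message",
    "<999>Feb  5 17:32:18 cluster1-01 bad priority",
    "no header at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s)[0], "|", s)
```

A collector that only accepts RFC 5424 headers would reject or mis-timestamp the first sample, which is the situation the note describes.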
Thank you for your reply.
As you pointed out, it was the description of TR4303.
In summary, the TLS usage of syslog transfers in ONTAP 9 is understood as below. Is it right?
Event to be notified by "event notification"
⇒Transfer via UDP 514 and sent in clear text
Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS
Regards,
Yes, you have summarized it correctly. Regards!
Thank you for your answer.
I understood it correctly!
Regards.