ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

About syslog transfer protocol

Mitsuhiko
‎2021-11-04 02:13 AM
1,966 Views

Hi,


I have something I don't understand.

Is the "syslog" transferred by Netapp TCP-TLS?

 

TR4304 "Logging in Clustered Data ONTAP" had the following words.

Is this correct in understanding that it is TCP-TLS?

"The standard is defined by the IETF in RFC5424."

 

Regards,

1 ACCEPTED SOLUTION

Ontapforrum
‎2021-11-05 03:17 AM
1,851 Views

Yes, you have summarized it correctly. Regards!

View solution in original post

0 Kudos
4 REPLIES 4

Ontapforrum
‎2021-11-04 05:48 AM
1,926 Views

I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were neither syslog server and nor it listens on UDP port 514. It simply forwards it over UDP 514. I don't know if this has changed but this is an interesting question and I don't dig in much on this topic usually. But, out of curiosity I started reading about it.

 

With Ontap 9 onwards, you can send audit-logs to syslog server over tls, but I don't think it mentions EMS event-logs (which trdaitionally follows the syslog standards).

 

Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html

 

Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.


https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Syslog_server_doesn't_take_ONTAP_format


OTNAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/Fabric%2C_Interconnect_and_Management_Switches/How_to_forward_syslog_to_a_remote...

0 Kudos

Mitsuhiko
‎2021-11-04 05:53 PM
In response to Ontapforrum
1,887 Views

Thank you for your reply.

As you pointed out, it was the description of TR4303.

 

In summary, the tls usage of syslog transfers in ONTAP 9 is understood below. is it right?

 

Event to be notified by "event notification"
⇒Transfer via UDP 514 and sent in clear text

 

Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS

 

Regards,

0 Kudos

Ontapforrum
‎2021-11-05 03:17 AM
1,852 Views

Yes, you have summarized it correctly. Regards!

0 Kudos

Mitsuhiko
‎2021-11-07 05:50 PM
In response to Ontapforrum
1,698 Views

thank you for your answer.

I understood it correctly!

 

Regards.

0 Kudos
All Community Forums
Public