Hi,
I have something I don't understand.
Is the "syslog" transferred by NetApp over TCP-TLS?
TR4304 "Logging in Clustered Data ONTAP" had the following words.
Am I correct in understanding that it is TCP-TLS?
"The standard is defined by the IETF in RFC5424."
Regards,
I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were neither a syslog server nor do they listen on UDP port 514. They simply forward it over UDP 514. I don't know if this has changed, but this is an interesting question and I don't usually dig much into this topic. But out of curiosity I started reading about it.
From ONTAP 9 onwards, you can send audit logs to a syslog server over TLS, but I don't think it mentions EMS event logs (which traditionally follow the syslog standards).
Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html
Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.
ONTAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server
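A receiver-side check for the timestamp difference mentioned in the note above, as an added example that is not part of the original post or of NetApp's documentation: it classifies a syslog line's header as RFC 3164 or RFC 5424 style. The sample lines are constructed for illustration, not captured from ONTAP, and `classify_syslog` is a hypothetical helper name.

```python
import re

# PRI is "<N>" where N = facility * 8 + severity, so N ranges over 0..191.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# RFC 5424: after PRI comes VERSION, a space, then an ISO 8601 timestamp.
TS_5424_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,6})?(Z|[+-]\d{2}:\d{2})\s")
# RFC 3164: "Mmm dd hh:mm:ss", day space-padded, no year and no time zone.
TS_3164_RE = re.compile(
    r"^(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d{2}:\d{2}:\d{2}\s")


def classify_syslog(line):
    """Report PRI fields and which timestamp style the header carries."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return {"valid_pri": False, "version": None, "timestamp": "unknown",
                "fully_rfc5424": False}
    pri = int(m.group(1))
    rest = line[m.end():]
    version = None
    # A digit group directly after PRI is the RFC 5424 VERSION field;
    # an RFC 3164 header starts with the month name instead.
    vm = re.match(r"^(\d{1,2}) ", rest)
    if vm:
        version = int(vm.group(1))
        rest = rest[vm.end():]
    if TS_5424_RE.match(rest):
        ts = "rfc5424"
    elif TS_3164_RE.match(rest):
        ts = "rfc3164"
    else:
        ts = "unknown"
    return {"valid_pri": True, "facility": pri >> 3, "severity": pri & 7,
            "version": version, "timestamp": ts,
            "fully_rfc5424": version == 1 and ts == "rfc5424"}


# Constructed sample lines (not real ONTAP output).
SAMPLES = [
    "<134>1 2024-05-01T12:00:00.000Z host1 app 1234 ID47 - full 5424 header",
    "<13>May  1 12:00:00 host1 app: classic 3164 header",
    "<134>1 May  1 12:00:00 host1 app: version field but 3164 timestamp",
    "no priority field at all",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify_syslog(s), "<-", s)
```

A receiver that only accepts strict RFC 5424 input would reject the second and third sample styles, which is worth checking before pointing a forwarder at it.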
Thank you for your reply.
As you pointed out, it was the description of TR4303.
In summary, my understanding of the TLS usage for syslog transfers in ONTAP 9 is as below. Is it right?
Event to be notified by "event notification"
⇒ Transferred via UDP 514 and sent in clear text
Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS
Regards,
Mitsuhiko has accepted the solution
Yes, you have summarized it correctly. Regards!
Thank you for your answer.
I understood it correctly!
Regards.
