ONTAP Discussions

About syslog transfer protocol

Mitsuhiko
1,172 Views

Hi,


I have something I don't understand.

Is the "syslog" transferred by Netapp TCP-TLS?

 

TR4304 "Logging in Clustered Data ONTAP" had the following words.

Is this correct in understanding that it is TCP-TLS?

"The standard is defined by the IETF in RFC5424."

 

Regards,

1 ACCEPTED SOLUTION

Ontapforrum
1,057 Views

Yes, you have summarized it correctly. Regards!

View solution in original post

4 REPLIES 4

Ontapforrum
1,132 Views

I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were neither syslog server and nor it listens on UDP port 514. It simply forwards it over UDP 514. I don't know if this has changed but this is an interesting question and I don't dig in much on this topic usually. But, out of curiosity I started reading about it.

 

With Ontap 9 onwards, you can send audit-logs to syslog server over tls, but I don't think it mentions EMS event-logs (which trdaitionally follows the syslog standards).

 

Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html

 

Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.


https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Syslog_server_doesn't_take_ONTAP_format


OTNAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/Fabric%2C_Interconnect_and_Management_Switches/How_to_forward_syslog_to_a_remote...

Mitsuhiko
1,093 Views

Thank you for your reply.

As you pointed out, it was the description of TR4303.

 

In summary, the tls usage of syslog transfers in ONTAP 9 is understood below. is it right?

 

Event to be notified by "event notification"
⇒Transfer via UDP 514 and sent in clear text

 

Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS

 

Regards,

Ontapforrum
1,058 Views

Yes, you have summarized it correctly. Regards!

Mitsuhiko
904 Views

thank you for your answer.

I understood it correctly!

 

Regards.

Public