NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

About syslog transfer protocol

Mitsuhiko
5,844 Views

Hi,


I have something I don't understand.

Is the "syslog" transferred by Netapp TCP-TLS?

 

TR4304 "Logging in Clustered Data ONTAP" had the following words.

Is this correct in understanding that it is TCP-TLS?

"The standard is defined by the IETF in RFC5424."

 

Regards,

1 ACCEPTED SOLUTION

Ontapforrum
5,729 Views

Yes, you have summarized it correctly. Regards!

View solution in original post

4 REPLIES 4

Ontapforrum
5,804 Views

I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were neither syslog server and nor it listens on UDP port 514. It simply forwards it over UDP 514. I don't know if this has changed but this is an interesting question and I don't dig in much on this topic usually. But, out of curiosity I started reading about it.

 

With Ontap 9 onwards, you can send audit-logs to syslog server over tls, but I don't think it mentions EMS event-logs (which trdaitionally follows the syslog standards).

 

Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html

 

Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.


https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Syslog_server_doesn't_take_ONTAP_format


OTNAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/Fabric%2C_Interconnect_and_Management_Switches/How_to_forward_syslog_to_a_remote...

Mitsuhiko
5,765 Views

Thank you for your reply.

As you pointed out, it was the description of TR4303.

 

In summary, the tls usage of syslog transfers in ONTAP 9 is understood below. is it right?

 

Event to be notified by "event notification"
⇒Transfer via UDP 514 and sent in clear text

 

Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS

 

Regards,

Ontapforrum
5,730 Views

Yes, you have summarized it correctly. Regards!

Mitsuhiko
5,576 Views

thank you for your answer.

I understood it correctly!

 

Regards.

Public