ONTAP Discussions

About syslog transfer protocol

Mitsuhiko

Hi,


I have something I don't understand.

Is the "syslog" transferred by NetApp over TCP-TLS?

 

TR4304 "Logging in Clustered Data ONTAP" had the following words.

Am I correct in understanding that it is TCP-TLS?

"The standard is defined by the IETF in RFC5424."

 

Regards,

1 ACCEPTED SOLUTION

Ontapforrum

Yes, you have summarized it correctly. Regards!


4 REPLIES 4


Thank you for your answer.

I understood it correctly!

 

Regards.

Ontapforrum

I think you meant TR4303 (not 4304). Traditionally, NetApp FAS storage systems are/were not a syslog server, nor do they listen on UDP port 514. They simply forward it over UDP 514. I don't know if this has changed, but this is an interesting question and I don't usually dig into this topic much. But, out of curiosity, I started reading about it.

 

From ONTAP 9 onwards, you can send audit logs to a syslog server over TLS, but I don't think it mentions EMS event logs (which traditionally follow the syslog standards).

 

Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.
https://docs.netapp.com/us-en/ontap/system-admin/forward-command-history-log-file-destination-task.html

 

Note: ONTAP syslog forwarding uses RFC 3164 compliant timestamps so is not fully compliant to RFC 5424. See Event log server doesn't take ONTAP format for more information.


https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Syslog_server_doesn't_take_ONTAP_format


ONTAP:
Event forwarding to a Syslog server
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Event_forwarding_to_a_Syslog_server

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Systems/Fabric%2C_Interconnect_and_Management_Switches/How_to_forward_syslog_to_a_remote...

Thank you for your reply.

As you pointed out, it was the description of TR4303.

 

In summary, I understand the TLS usage of syslog transfers in ONTAP 9 as below. Is it right?

 

Event to be notified by "event notification"
⇒Transfer via UDP 514 and sent in clear text

 

Audit-logs that can be monitored by "cluster log-forwarding create"
⇒ Use TLS

 

Regards,
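The note quoted earlier in the thread says ONTAP syslog forwarding uses RFC 3164 timestamps and so is not fully RFC 5424 compliant. As an added example (not part of the original thread and not NetApp code), here is a collector-side check that tells the two header formats apart before a strict parser rejects a frame; the sample frames are constructed for illustration and do not reproduce actual ONTAP output.

```python
import re
from collections import Counter
from datetime import datetime

# <PRI> is 1-3 digits in angle brackets in both RFCs.
PRI = r"<(?P<pri>\d{1,3})>"
# RFC 5424 header: <PRI>VERSION SP TIMESTAMP, timestamp is RFC 3339 or "-".
RFC5424 = re.compile(PRI + r"(?P<ver>[1-9]\d?) (?P<ts>-|\d{4}-\d{2}-\d{2}T\S+) ")
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss (space-padded day, no year, no zone).
RFC3164 = re.compile(PRI + r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) ")

UNKNOWN = {"format": "unknown", "facility": None, "severity": None, "timestamp": None}

def classify(frame: bytes) -> dict:
    """Return header format, facility, severity and raw timestamp of one frame."""
    text = frame.decode("utf-8", errors="replace")
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(text)
        if not m:
            continue
        pri = int(m["pri"])
        if pri > 191:  # facility 0-23, severity 0-7, so the maximum is 23*8+7
            break
        ts = m["ts"]
        try:
            if name == "rfc3164":
                # No year on the wire; borrow a leap year so "Feb 29" validates.
                datetime.strptime("2000 " + ts, "%Y %b %d %H:%M:%S")
            elif ts != "-":
                datetime.fromisoformat(ts.replace("Z", "+00:00"))
        except ValueError:
            break
        return {"format": name, "facility": pri >> 3, "severity": pri & 7, "timestamp": ts}
    return dict(UNKNOWN)

def summarize(frames) -> Counter:
    """Count frames per detected header format, e.g. to size a parsing problem."""
    return Counter(classify(f)["format"] for f in frames)

# Constructed sample frames (hypothetical host and app names).
SAMPLES = [
    b"<134>1 2024-10-05T14:03:22Z host1 app 1234 ID47 - audit record",  # RFC 5424
    b"<134>Oct  5 14:03:22 host1 app[1234]: audit record",              # RFC 3164
    b"<134>1 Oct  5 14:03:22 host1 app: version field, 3164-style time",  # mixed
    b"<999>Oct  5 14:03:22 host1 app: PRI out of range",                # invalid PRI
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(classify(frame)["format"], frame[:40])
```

A collector that accepts only RFC 5424 would drop every frame this check labels `rfc3164` or `unknown`, so running `summarize` over a capture shows how much would be lost before parsing rules are changed.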
