ONTAP Discussions

Forward Event Logs on non-Standard Port

jtovb

Hi

Have a FAS2620 running ONTAP 9.3. We need to send the Event logs to a location using a non-standard port, 5514 vice 514. Can that be done? The command syntax does not look like it does.

Thanks.

1 ACCEPTED SOLUTION

nboggs

I'm not sure what version of ONTAP you are using, but yes, you can in ONTAP 9. Here is the man page for ONTAP 9.3.

cluster log-forwarding create

Create a log forwarding destination

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The cluster log-forwarding create command creates log forwarding destinations for remote logging.

Parameters

-destination <Remote InetAddress> - Destination Host
Host name or IPv4 or IPv6 address of the server to forward the logs to.
[-port <integer>] - Destination Port
The port that the destination server listens on.
[-protocol {udp-unencrypted|tcp-unencrypted|tcp-encrypted}] - Log Forwarding Protocol
The protocols are used for sending messages to the destination. The protocols can be one of the following values:
  • udp-unencrypted - User Datagram Protocol with no security
  • tcp-unencrypted - Transmission Control Protocol with no security
  • tcp-encrypted - Transmission Control Protocol with Transport Layer Security (TLS)
[-verify-server {true|false}] - Verify Destination Server Identity
When this parameter is set to true, the identity of the log forwarding destination is verified by validating its certificate. The value can be set to true only when the tcp-encrypted value is selected in the protocol field. When this value is true the remote server might be validated by OCSP. The OCSP validation for cluster logs is controlled with the security config ocsp enable -app audit_log and security config ocsp disable -app audit_log.
[-facility <Syslog Facility>] - Syslog Facility
The syslog facility to use for the forwarded logs.
[-force [true]] - Skip the Connectivity Test
Normally, the cluster log-forwarding create command checks that the destination is reachable via an ICMP ping, and fails if it is not reachable. Setting this value to true bypasses the ping check so that the destination can be configured when it is unreachable.

Examples

This example causes audit logs to be forwarded to a server at address 192.168.0.1, port 514 with USER facility.
cluster1::> cluster log-forwarding create -destination 192.168.0.1 -port 514 -facility user

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-930%2Fcluster__log-forwarding__create.html
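
A receiver-side check that forwarded messages arrive on port 5514 with the facility set by -facility, given as an added example that is not part of the thread or of NetApp's documentation. It assumes the destination was created with -port 5514 and -protocol udp-unencrypted, decodes only the standard syslog PRI header, and uses a constructed sample message rather than real ONTAP output.

```python
import re
import socket

# Facility and severity names in numeric order (RFC 5424, section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample datagram: PRI 14 = facility 1 (user) * 8 + severity 6 (info).
SAMPLE = b"<14>Jan  1 00:00:00 cluster1-01 constructed test message"


def decode_pri(datagram):
    """Return (facility, severity, rest) or None if the PRI header is invalid."""
    m = PRI_RE.match(datagram)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    rest = datagram[m.end():].decode("utf-8", "replace").rstrip()
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], rest


def check(datagram, expected_facility="user"):
    """Classify one datagram against the facility configured on the sender."""
    decoded = decode_pri(datagram)
    if decoded is None:
        return "malformed"
    facility = decoded[0]
    return "ok" if facility == expected_facility else "unexpected-facility:" + facility


def listen(host="0.0.0.0", port=5514, expected_facility="user", count=5):
    """Receive `count` UDP datagrams on the non-standard port and report each."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        for _ in range(count):
            data, (src, _sport) = sock.recvfrom(8192)
            results.append((src, check(data, expected_facility)))
            print(src, results[-1][1], data[:120])
    return results


if __name__ == "__main__":
    listen()
```

Port 5514 is above 1024, so the listener does not need root to bind. A destination created with tcp-unencrypted or tcp-encrypted needs a TCP or TLS listener instead.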

jtovb

Thanks nboggs, sorry for the delay. I did the cluster xxx commands and logging is set.

I was using the event destination xxx commands. That was what was talked about in a NetApp course I am taking. I am getting entries to our log server now with the cluster xxx commands.

Thanks.
