ONTAP Discussions

Forwarding logs to another dervice

SVHO
3,288 Views

 

We want to send logs to another device.  Per instructions on the link below, which interface would the logs be sent out from.  We have 2 controllers (FAS2650).  I am guessing its the cluster management interface.  Please confirm.

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-sag%2FGUID-9F8EB0DF-12F5-4DA9-B14B-34487DE3717D.html

 

cluster1::> cluster log-forwarding create -destination 192.168.123.96 -port 514 -facility user

cluster1::> cluster log-forwarding create -destination 192.168.123.98 -port 514 -protocol tcp-encrypted -facility user

 

Also, what kind of events would it send? Would it be just CIFS access related events?

 

Thanks,

TT

 

 

4 REPLIES 4

hmoubara
3,256 Views

Hello,

 

The logs are transferred either via the node management lif or the cluster management lif. This command is intended for the audit logs to be transferred to a remote server.

 

Thanks  

SVHO
3,228 Views

 

So the actual IP address (source) would be from where the command was initialized?

 

Thanks again.

 

TT

hmoubara
3,225 Views

Correct

 

SVHO
3,180 Views

 

Forgot where I read an article saying by default ONTAP does not turn the audit logs on since it takes up resources (probably disk space).  So if we were to turn "ON" the forwarding of the logs, would it just forward the logs only or does it generates the logs locally on the system as well?

 

I believe this is the article I need review for the actual setup.

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cifs-nfs-audit%2FGUID-976B35AF-844A-4A8E-95F6-60EC45EEFD58.html

 

 

Thanks,

TT

Public