ONTAP Discussions

Forwarding logs to another dervice

SVHO

 

We want to send logs to another device.  Per instructions on the link below, which interface would the logs be sent out from.  We have 2 controllers (FAS2650).  I am guessing its the cluster management interface.  Please confirm.

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-sag%2FGUID-9F8EB0DF-12F5-4DA9-B14B-34487DE3717D.html

 

cluster1::> cluster log-forwarding create -destination 192.168.123.96 -port 514 -facility user

cluster1::> cluster log-forwarding create -destination 192.168.123.98 -port 514 -protocol tcp-encrypted -facility user

 

Also, what kind of events would it send? Would it be just CIFS access related events?

 

Thanks,

TT

 

 

4 REPLIES 4

hmoubara

Hello,

 

The logs are transferred either via the node management lif or the cluster management lif. This command is intended for the audit logs to be transferred to a remote server.

 

Thanks  

SVHO

 

So the actual IP address (source) would be from where the command was initialized?

 

Thanks again.

 

TT

hmoubara

Correct

 

SVHO

 

Forgot where I read an article saying by default ONTAP does not turn the audit logs on since it takes up resources (probably disk space).  So if we were to turn "ON" the forwarding of the logs, would it just forward the logs only or does it generates the logs locally on the system as well?

 

I believe this is the article I need review for the actual setup.

 

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cifs-nfs-audit%2FGUID-976B35AF-844A-4A8E-95F6-60EC45EEFD58.html

 

 

Thanks,

TT

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public