Forwarding logs to another dervice

SVHO · ‎2020-06-24

We want to send logs to another device. Per instructions on the link below, which interface would the logs be sent out from. We have 2 controllers (FAS2650). I am guessing its the cluster management interface. Please confirm.

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-sag%2FGUID-9F8EB0DF-12F5-4DA9-B14B-34487DE3717D.html

cluster1::> cluster log-forwarding create -destination 192.168.123.96 -port 514 -facility user

cluster1::> cluster log-forwarding create -destination 192.168.123.98 -port 514 -protocol tcp-encrypted -facility user

Also, what kind of events would it send? Would it be just CIFS access related events?

Thanks,

TT

hmoubara · ‎2020-06-24

Hello,

The logs are transferred either via the node management lif or the cluster management lif. This command is intended for the audit logs to be transferred to a remote server.

Thanks

SVHO · ‎2020-06-24

So the actual IP address (source) would be from where the command was initialized?

Thanks again.

TT

hmoubara · ‎2020-06-24

Correct

SVHO · ‎2020-06-25

Forgot where I read an article saying by default ONTAP does not turn the audit logs on since it takes up resources (probably disk space). So if we were to turn "ON" the forwarding of the logs, would it just forward the logs only or does it generates the logs locally on the system as well?

I believe this is the article I need review for the actual setup.

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cifs-nfs-audit%2FGUID-976B35AF-844A-4A8E-95F6-60EC45EEFD58.html

Thanks,

TT