Syslog Event Source IPs

darraghos · ‎2018-10-10

Guys, I have 2 separate C-Mode 9.3 clusters that syslog events to an external syslog server. This is generally working fne and both have the exact same policy defined. However, on one cluster I get the following:

syslogs with source IP for each node and each cluster IP i.e. each node is sending syslogs and each cluster is

On the other one though I only get logs from the nodes IPs and not the cluster. Is this configureable somewhere?

Lacem · ‎2018-12-03

-Each node is responsible for its EMS logging and as such will send via the node mgmt interface. Its possible we may be using the cluster mgmt LIF due to a connection problem with the node mgmt LIF. Or possibly routing is not correct.

-Suggest to open a support case so that we can investigate further.

-When opening a case provide the following:

--Cluster SNs
--::>event destination show -instance

Also , please review the following articles:

https://kb.netapp.com/app/answers/answer_view/a_id/1001020/loc/en_US#__highlight

https://kb.netapp.com/app/answers/answer_view/a_id/1029819/~/how-to-forward-syslog-messages-to-a-remote-syslog-loghost-in-clustered-data

Please also check that we can ping and traceroute from the syslog server to the cluster_mgmt LIF and the node_mgmt LIF