I am required for compliance to track all user account activity. Therefore I need to track logon/logoff and login failures.
I have syslog configured on my filer but it only sends login failure messages out through syslog. Here is my syslog config.
Any help would be appreciated.
# $Id: //depot/prod/DOT/R8.0.3x/ontap/files/syslog.conf.sample#1 $
# Copyright (c) 1994-1996 Network Appliance.
# All rights reserved.
# Sample syslog.conf file. Copy to /etc/syslog.conf to use.
# You must use TABS for separators between fields.
# Log messages of priority info or higher to the console and to /etc/messages
# Edit and uncomment following line to log all messages of priority
# err or higher and all kernel messages to a remote host, e.g. adminhost
# *.err;kern.* @adminhost
# err or higher and all kernel messages to the local7 facility of the
# syslogd on a remote host, e.g. adminhost.
# *.err;kern.* local7.*@adminhost
# err or higher and all kernel messages to a remote host, e.g. adminhost,
# at priority debug.
# *.err;kern.* *.debug@adminhost
# err or higher and all kernel messages to the local5 facility of the
# syslogd on a remote host, e.g. adminhost, at priority info.
# *.err;kern.* local5.info@adminhost
#Remote logging to LEM
I believe you need to have options auditlog.enable on.
This will log all login attempts/commands/failures in /etc/log/auditlog.
Then I believe adding local7.* @184.108.40.206 in your syslog config will get it logging to your aggregator.
That logs it into the auditlog but it does not send it out through syslog.
Adding the local7 option in your syslog.conf SHOULD forward the auditlog to the syslog server.
This is the current configuration... and it is not sending...
Try, on the filer:
Then you should see it at the remote syslog server.
Thank you, that worked.
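
An added example, not part of the thread: a small Python check that can be run on an admin host against a copy of the filer's /etc/syslog.conf to confirm that a rule naming local7 (the facility suggested above for the auditlog) forwards to a remote host, and that the rule uses the TAB separator the sample file requires. The sample config, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample of an /etc/syslog.conf copied off the filer.
# 192.0.2.10 is a documentation-range placeholder for the log aggregator.
SAMPLE_CONF = (
    "# Log messages of priority info or higher to the console and to /etc/messages\n"
    "*.info\t/dev/console\n"
    "*.info\t/etc/messages\n"
    "*.err;kern.*\t@192.0.2.10\n"
    "local7.* @192.0.2.10\n"  # space instead of TAB between the fields
)

RULE = re.compile(r"^(\S+)(\s+)(\S.*)$")

def parse_rules(text):
    """Yield (lineno, facilities, action, tab_separated) for each active rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = RULE.match(line)
        if not m or line.startswith("#"):
            continue
        selector, sep, action = m.groups()
        facilities = set()
        for part in selector.split(";"):
            facilities.update(part.split(".", 1)[0].split(","))
        yield lineno, facilities, action, set(sep) == {"\t"}

def check_audit_forwarding(text, facility="local7"):
    """Return (hosts, problems) for rules that name `facility` explicitly."""
    hosts, problems = [], []
    for lineno, facilities, action, tabbed in parse_rules(text):
        if facility not in facilities or "@" not in action:
            continue
        if not tabbed:
            # Assumption: a rule without a TAB separator is not honoured,
            # per the sample file's "You must use TABS" comment.
            problems.append(f"line {lineno}: fields not separated by TABs")
            continue
        hosts.append(action.split("@", 1)[1])
    if not hosts:
        problems.append(f"no effective rule forwards {facility} to a remote host")
    return hosts, problems

if __name__ == "__main__":
    hosts, problems = check_audit_forwarding(SAMPLE_CONF)
    print("forwarded to:", hosts)
    for p in problems:
        print("PROBLEM:", p)
```

Wildcard selectors such as `*.err` are deliberately not counted, since their priority filter may exclude audit messages.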