ONTAP Discussions

Syslogging + Config

OldGreyBeard

Hi All

Setting up Syslogging here and have a few questions.

Initial config planned as below.

 

OldGreyBeard_0-1634058755742.png

However, I need to send on a specific TCP port, so should I just do this as below?

"SyslogServer-VIP_IP-address:512"

 

And based on the logging options what is the difference between all of the below...

Looks like they are mostly all the same except "No-Info-Debug" also logs at Notice level.

 

OldGreyBeard_1-1634059647739.png

 

2 REPLIES

aladd

For the command, you would need to use the -port flag to specify port 512.

 

Example:

::> cluster log-forwarding create -destination <ip> -port 512 -facility <syslog facility>


REF: https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-970%2Fcluster__log-forwarding__create.html

cruxrealm

I assume you are changing the port for security purposes. I suggest just keeping the same port and using encryption instead. However, if that is not possible, as mentioned, you can use the "cluster log-forwarding create" command to change the port number.

 

As for the logging question, what you see are the default filters. I suggest creating your own filter and rules, creating the destination, and assigning the filter to the destination:

<DOT 9.1+>

event filter create -filter-name <filtername>

event notification destination create -name <destname> -syslog <syslogname or IP>

event notification create -filter-name <filtername> -destinations <destname>

event filter rule add -filter-name <filtername> -type <include/exclude> -message-name <message>

If you are unfamiliar with setting event filters and destinations, you can read this KB about ONTAP logging and its corresponding "Additional Information" links:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Overview_of_ONTAP_Logs
