Sysloging +Config

OldGreyBeard · ‎2021-10-12

Hi All

Setting up Syslogging here and have a few questions.

Initial config planned as as below.

However i need to send on a specific TCP port so should i just need do this as below

"SyslogServer-VIP_IP-address:512"

And based on the logging options what is the difference between all of the below...

Looks like they are mostly all the same except "No-Info-Debug" also logs at Notice level.

aladd · ‎2021-10-12

for the command you would need to use the -port flag to specify the port 512.

example:

::>cluster log-forwarding create -destination <ip> -port 512 -facility <syslog facility>

REF: https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-970%2Fcluster__log-forwarding__create.html

cruxrealm · ‎2021-10-13

I assume you are changing the port for security purposes. I suggest just keep the same port and instead use encryption. However, if that is not possible, as mentioned, you can use the "cluster log-forwarding create" command to change port number.

As for the logging question, what you see are the default filters. I suggest, create your own filter and rules, create the destination, and assign the filter to the destination:

event filter create -filter-name <filtername>

event notification destination create -name <destname> -syslog <syslogname or IP>

event notification create -filter-name <filtername> -destinations <destname>

event filter rule add -filter-name <filtername> -type <include/exclude> -message-name <message>

If you are unfamiliar with setting event filters and destinations, you can read this KB about Ontap logging and its corresponding "Additional Information" links:

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Overview_of_ONTAP_Logs

Sysloging +Config

Portfolio Updates | NetApp ONAIR