Forwarding the audit log to a destination

You can forward the audit log to a maximum of 10 destinations that you specify by using the cluster log-forwarding create command. For example, you can forward the log to a Splunk or syslog server for monitoring, analysis, or backup purposes.

About this task

If the cluster log-forwarding create command cannot ping the destination host to verify connectivity, the command fails with an error. Although not recommended, using the -force parameter with the command bypasses the connectivity verification.

You can configure transmission security options when forwarding log files:

Procedure

  1. For each destination that you want to forward the audit log to, specify the destination IP address or host name and any security options. 
    cluster1::> cluster log-forwarding create -destination 192.168.123.96 
-port 514 -facility user

cluster1::> cluster log-forwarding create -destination 192.168.123.98 
-port 514 -protocol tcp-encrypted -facility user
  2. Verify that the destination records are correct by using the cluster log-forwarding show command.
    cluster1::> cluster log-forwarding show

                                                 Verify Syslog
Destination Host          Port   Protocol        Server Facility
------------------------- ------ --------        ------ --------
192.168.123.96            514    udp-unencrypted false  user
192.168.123.98            514    tcp-encrypted   true   user
2 entries were displayed.
Parent topic: Managing audit logging for management activities
Related information
Copyright © 1994-2021, NetApp, Inc. All rights reserved.
Part number: 215-11148_2021-07_en-us
July 2021
Updated for ONTAP 9.9.1