Skip to main content

Configuring important EMS events to forward notifications to a syslog server

Contributors netapp-aherbin

To log notifications of the most severe events on a syslog server, you must configure the EMS to forward notifications for events that signal important activity.

What you'll need

DNS must be configured on the cluster to resolve the syslog server name.

About this task

If your environment does not already contain a syslog server for event notifications, you must first create one. If your environment already contains a syslog server for logging events from other systems, then you might want to use that one for important event notifications.

You can perform this task any time the cluster is running by entering the commands on the ONTAP CLI.

Beginning with ONTAP 9.12.1, EMS events can be sent to a designated port on a remote syslog server via the Transport Layer Security (TLS) protocol. Two new parameters are available:

tcp-encrypted

When tcp-encrypted is specified for the syslog-transport, ONTAP verifies the identity of the destination host by validating its certificate. The default value is udp-unencrypted.

syslog-port

The default value syslog-port parameter depends on the setting for the syslog-transport parameter. If syslog-transport is set to tcp-encrypted, syslog-port has the default value 6514.

For details, see the event notification destination create man page.

Steps
  1. Create a syslog server destination for important events:

    event notification destination create -name syslog-ems -syslog syslog-server-address -syslog-transport {udp-unencrypted|tcp-unencrypted|tcp-encrypted}

    Beginning with ONTAP 9.12.1, the following values can be specified for syslog-transport:

    • udp-unencrypted - User Datagram Protocol with no security

    • tcp-unencrypted - Transmission Control Protocol with no security

    • tcp-encrypted - Transmission Control Protocol with Transport Layer Security (TLS)

    The default protocol is udp-unencrypted`.

  2. Configure the important events to forward notifications to the syslog server:

    event notification create -filter-name important-events -destinations syslog-ems