cluster log-forwarding create
Create a log forwarding destination
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The cluster log-forwarding create
command creates log forwarding destinations for remote logging.
Parameters
-destination <Remote InetAddress>
- Destination Host-
Host name or IPv4 or IPv6 address of the server to forward the logs to.
[-port <integer>]
- Destination Port-
The port that the destination server listen on.
[-protocol {udp-unencrypted|tcp-unencrypted|tcp-encrypted}]
- Log Forwarding Protocol-
The protocols are used for sending messages to the destination. The protocols can be one of the following values:
-
_ udp-unencrypted _
- User Datagram Protocol with no security -
_ tcp-unencrypted _
- Transmission Control Protocol with no security -
_ tcp-encrypted _
- Transmission Control Protocol with Transport Layer Security (TLS)
-
[-ipspace <IPspace>]
- IPspace of Destination-
The IPspace of the destination server.
[-verify-server {true|false}]
- Verify Destination Server Identity-
When this parameter is set to
true
, the identity of the log forwarding destination is verified by validating its certificate. The value can be set totrue
only when thetcp-encrypted
value is selected in the protocol field. When this value istrue
the remote server might be validated by OCSP. The OCSP validation for cluster logs is controlled with the security config ocsp enable -app audit_log and security config ocsp disable -app audit_log . [-facility <Syslog Facility>]
- Syslog Facility-
The Syslog facility to use for the forwarded logs.
[-force <true>]
- Skip the Connectivity Test-
Normally, the
cluster log-forwarding create
command checks that the destination is reachable via an ICMP ping, and fails if it is not reachable. Setting this value totrue
bypasses the ping check so that the destination can be configured when it is unreachable. [-message-format {legacy-netapp|rfc-5424}]
- Syslog Message Format-
Use this parameter to specify the message format to be used for Syslog messages.
The
message-format
can be one of the following values:-
legacy-netapp
- A variation of the RFC-3164 Syslog format (format: <PRIVAL>TIMESTAMP HOSTNAME: MSG) -
rfc-5424
- Syslog format as per RFC-5424 (format: <PRIVAL>VERSION TIMESTAMP HOSTNAME: MSG)
Refer to the respective RFCs for detailed information regarding the Syslog message formats. + The default message format is
legacy-netapp
. -
[-timestamp-format-override {no-override|rfc-3164|iso-8601-utc|iso-8601-local-time}]
- Syslog Timestamp Format Override-
Use this parameter to override the default timestamp format (based on the
message-format
parameter) used for Syslog messages.The
timestamp-format-override
can be one of the following values:-
no-override
- Timestamp format based on themessage-format
parameter (rfc-3164
if the message format islegacy-netapp
,iso-8601-local-time
if message format isrfc-5424
) -
rfc-3164
- Timestamp format as per RFC-3164 (format: Mmm dd hh:mm:ss) -
iso-8601-utc
- Timestamp format as per ISO-8601 in UTC (format: YYYY-MM-DDThh:mm:ssZ) -
iso-8601-local-time
- Timestamp format as per ISO-8601 in local time (format: YYYY-MM-DDThh:mm:ss+/-hh:mm)
The default value is
no-override
. When this parameter is modified, its value persists even whenmessage-format
is updated. + -
[-hostname-format-override {no-override|fqdn|hostname-only}]
- Syslog Hostname Format Override-
Use this parameter to override the default hostname format (based on the
message-format
parameter) used for Syslog messages.The
hostname-format-override
can be one of the following values:-
no-override
- Hostname format based on themessage-format
parameter (fqdn
if the message format isrfc-5424
,hostname-only
if message format islegacy-netapp
) -
fqdn
- Fully Qualified Domain Name (e.g., myhost.example.com) -
hostname-only
- Hostname only, without the domain name (e.g., myhost)
The default value is
no-override
. When this parameter is modified, its value persists even whenmessage-format
is updated. + -
Examples
This example causes audit logs to be forwarded to a server at address 192.168.0.1, port 514 with USER facility.
cluster1::> cluster log-forwarding create -destination 192.168.0.1 -port 514 -facility user