
Storage administrative system auditing

Contributors netapp-dbagwell

Ensure the integrity of event auditing by offloading ONTAP events to a remote syslog server. This server could be a security information and event management (SIEM) system such as Splunk.

Send out syslog

Log and audit information is invaluable to an organization from a support and availability standpoint. In addition, the details contained in logs (syslog) and in audit reports and outputs are generally sensitive. To maintain security controls and posture, organizations must manage log and audit data in a secure manner.

Offloading syslog data to a separate system also limits the footprint of a breach to the single compromised system: an attacker who gains control of the storage system cannot then alter or destroy the record of that compromise, because a copy already lives elsewhere. Therefore, NetApp recommends securely offloading syslog information to a secure storage or retention location.

Create a log-forwarding destination

Use the cluster log-forwarding create command to create log-forwarding destinations for remote logging.

Parameters

Use the following parameters to configure the cluster log-forwarding create command:

  • Destination host. This name is the host name or IPv4 or IPv6 address of the server to which to forward the logs.

    -destination <Remote InetAddress>
  • Destination port. This is the port on which the destination server listens.

    [-port <integer>]
  • Log-forwarding protocol. This protocol is used for sending messages to the destination.

    [-protocol {udp-unencrypted|tcp-unencrypted|tcp-encrypted}]

    The log-forwarding protocol can use one of the following values:

    • udp-unencrypted. User Datagram Protocol with no security.

    • tcp-unencrypted. TCP with no security.

    • tcp-encrypted. TCP with Transport Layer Security (TLS).

  • Verify destination server identity. When this parameter is set to true, the identity of the log-forwarding destination is verified by validating its certificate, which requires that the cluster trusts the CA that issued the destination's certificate. The value can be set to true only when tcp-encrypted is selected in the protocol field.

    [-verify-server {true|false}]
  • Syslog facility. This value is the syslog facility to use for the forwarded logs.

    [-facility <Syslog Facility>]
  • Skip the connectivity test. Normally, the cluster log-forwarding create command checks that the destination is reachable by sending an Internet Control Message Protocol (ICMP) ping and fails if it is not reachable. Setting this value to true bypasses the ping check so that you can configure the destination while it is unreachable (for example, while ICMP is filtered by a firewall). It changes only the reachability test at creation time, not how logs are sent afterwards.

    [-force [true]]
Note NetApp recommends setting -protocol tcp-encrypted (with -verify-server true) on every log-forwarding destination so that forwarded logs are protected in transit and are sent only to the intended server.
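Putting the parameters together, as an added example that is not part of the original page: a clear-text destination beside the hardened one the note above recommends. The addresses, host name and facility are placeholders; the server-ca installation step and the admin SVM name (cluster1) are assumptions about the cluster and its ONTAP release.

```text
# Weak: clear-text UDP. No confidentiality, no integrity, and the sender never
# learns that a datagram was dropped on the way to the collector.
cluster1::> cluster log-forwarding create -destination 192.0.2.10 -port 514 -protocol udp-unencrypted -facility local0

# Hardened: TLS over TCP on the IANA syslog-over-TLS port (6514), and the cluster
# validates the destination's certificate before sending anything.
# -verify-server true only works if the cluster trusts the CA that issued the
# syslog server's certificate; installing that CA as a server-ca certificate on
# the admin SVM (assumed to be named cluster1) is the assumed prerequisite.
cluster1::> security certificate install -vserver cluster1 -type server-ca
cluster1::> cluster log-forwarding create -destination syslog.example.com -port 6514 -protocol tcp-encrypted -verify-server true -facility local0

# Repair an existing clear-text destination in place instead of leaving both.
cluster1::> cluster log-forwarding modify -destination 192.0.2.10 -port 6514 -protocol tcp-encrypted -verify-server true

# Check: no destination should remain on udp-unencrypted or tcp-unencrypted, and
# every tcp-encrypted destination should show verify-server true.
cluster1::> cluster log-forwarding show
```

If the collector is behind a firewall that drops ICMP, add -force true to the create command; it skips only the ping test and has no effect on the TLS handshake or on certificate verification.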

Event notification

Securing the information and data leaving a system is vital to maintaining and managing the system's security posture. The events generated by the ONTAP solution provide a wealth of information about what the solution is encountering, the information it processes, and more. The value of this data highlights the need to manage and migrate it in a secure manner.

The event notification create command creates a notification that sends the set of events matched by an event filter to one or more notification destinations. The following examples show an event notification being configured and the event notification show command, which displays the configured event notification filters and destinations.

cluster1::> event notification create -filter-name filter1 -destinations email_dest,syslog_dest,snmp-traphost

cluster1::> event notification show
ID     Filter Name       Destinations
-----  ----------------  -----------------
1      filter1           email_dest, syslog_dest, snmp-traphost
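The example above assumes that filter1 and the destinations already exist. As an added example that is not part of the original page, the complete sequence from filter to notification, with a syslog destination that uses the same TLS transport recommended for log forwarding. The filter name, destination name, host name and severity list are placeholders; the -syslog-port and -syslog-transport parameters are assumed to be available in the ONTAP release in use.

```text
# Filter: which EMS events to forward. An include rule with no message name
# matches every event of the listed severities.
cluster1::> event filter create -filter-name filter1
cluster1::> event filter rule add -filter-name filter1 -type include -severity EMERGENCY,ALERT,ERROR
cluster1::> event filter show -filter-name filter1

# Destination: the syslog collector, over TLS on the syslog-over-TLS port.
# -syslog-port and -syslog-transport are assumed to exist in this release; a
# destination created with only -syslog defaults to clear-text syslog.
cluster1::> event notification destination create -name syslog_dest -syslog syslog.example.com -syslog-port 6514 -syslog-transport tcp-encrypted
cluster1::> event notification destination show

# Notification: bind the filter to the destination, then confirm the binding.
cluster1::> event notification create -filter-name filter1 -destinations syslog_dest
cluster1::> event notification show
```

Keep the EMS destination and the cluster log-forwarding destination on the same collector where possible: EMS events and the audit and syslog records then land in one place, and a gap in either feed is visible against the other.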