Audit logs not received by syslog server/ splunk server
Applies to
- ONTAP 9.12.1 and later
- Syslog server
- Splunk server
Issue
- While audit log forwarding is configured, audit logs are not received by the syslog server.
- The log forwarding service is applied to the Intercluster LIFs policy:
::> network interface show -services management-log-forwarding -fields service-policy,services
vserver lif service-policy services
-------- ----------------- ------------------ ---------------------------------------
cluster1 intercluster_1 default-intercluster
intercluster-core,management-https,backup-ndmp-control,management-log-forwarding
cluster1 intercluster_2 default-intercluster
intercluster-core,management-https,backup-ndmp-control,management-log-forwarding
5 entries were displayed.
