Skip to main content
NetApp Knowledge Base

Is there way to transfer audit events to syslog server using different facility code to distinguish them from EMS events?

  1. Last updated
  2. Save as PDF
Views:
96
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • Cloud Volumes ONTAP (CVO)

Answer

Yes,  when configuring cluster log-forwarding for audit log transfer, users can specify one of the ONTAP undefined facility, local0(Code:16)through local7(Code:22).

Exmaple:

::> cluster log-forwarding create -destination 10.128.xx.yy -facility local0

Note:

  • When configuring cluster log-forwarding to transfer the audit log to a syslog server, the facility  user(code:1) are used by default.
  • Because EMS event notifications use the same facility code, users are unable to distinguish between EMS logs and audit logs.

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.