Questions regarding Event log forwarding
Applies to
- ONTAP 9
Answer
- Do the logs provide a session or transaction ID associated with it?
  ONTAP does not generate Session or Transaction IDs.
- Are logs generated for startup and shutdown of the system?
  Example startup and shutdown logs:

  Node 2 takeover when node 1 is rebooting:

    Sat Apr 20 08:09:47 -0500 [Node-02: shutdown_thread0: ha.localNodeShutDown:notice]: Shutdown of the local node has been initiated with inhibit_takeover set to FALSE.
    Sat Apr 20 08:40:25 -0500 [Node-02: svc_queue_thread: cf.misc.operatorTakeover:notice]: Failover monitor: takeover initiated by operator
    Sat Apr 20 08:40:25 -0500 [Node-02: ThreadHandlerun: clam.partner.halting:info]: CLAM is notified that its HA partner node is undergoing a planned shutdown (reason: Planned takeover)
    Sat Apr 20 08:41:09 -0500 [Node-02: cf_takeover: callhome.reboot.takeover:notice]: Call home for PARTNER REBOOT (CONTROLLER TAKEOVER)
    Sat Apr 20 08:41:09 -0500 [Node-02: cf_takeover: cf.fm.takeoverComplete:notice]: Failover monitor: takeover completed

  After node 1 is back online and node 2 issues giveback:

    Sat Apr 20 08:55:40 -0500 [Node-02: svc_queue_thread: cf.misc.operatorGiveback:info]: Failover monitor: giveback initiated by operator
    Sat Apr 20 08:59:39 -0500 [Node-02: cf_giveback: callhome.sfo.giveback:notice]: Call home for CONTROLLER GIVEBACK COMPLETE
- Modifications to the application:
  Cluster log forwarding sends the AUDIT-MLOG to the designated destination. This audit log contains all the commands run on the cluster, the account logged in, and the source of the connection.

  Example from a user logged in to the console:

    Sat Apr 20 2024 09:12:28 -05:00 [kern_audit:info:3000] 8003e80000000740:8003e80000000741 :: Cluster01:console :: localhost:unknown :: Cluster01:admin :: system node run -node node1 -command volume show :: Pending

  Example from System Manager:

    Tue Apr 23 2024 02:33:57 -04:00 [kern_audit:info:3646] 8503ec000033fcbd :: Cluster01:ontapi :: 14.80.109.10:55010 :: Cluster01:admin :: volume-mount :: Success:

  Example from SSH:

    Tue Apr 23 2024 09:21:28 -04:00 [kern_audit:info:3646] 8003ec000029102a:8003ec000029102b :: Cluster01:ssh :: 10.10.0.10:51045 :: Cluster01:admin :: Logging in :: Success
- Application alerts and error messages:
  Event log forwarding sends the EMS alerts generated by ONTAP to a designated address. Which alerts and warnings are sent is configurable using event filters: https://docs.netapp.com/us-en/ontap/software_setup/task_configure_important_ems_events_to_forward_notifications_to_a_syslog_server.html
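For anyone ingesting the forwarded audit log on the receiving side, the following added example (not NetApp code) parses the `::`-delimited audit lines shown under "Modifications to the application" and groups commands by account, application and source host, which is the attribution available when no session ID exists. The field names are assumptions inferred from the three examples above, and any extra header a syslog relay prepends is not handled.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed input: the three audit examples from this article, one per line.
SAMPLE = """\
Sat Apr 20 2024 09:12:28 -05:00 [kern_audit:info:3000] 8003e80000000740:8003e80000000741 :: Cluster01:console :: localhost:unknown :: Cluster01:admin :: system node run -node node1 -command volume show :: Pending
Tue Apr 23 2024 02:33:57 -04:00 [kern_audit:info:3646] 8503ec000033fcbd :: Cluster01:ontapi :: 14.80.109.10:55010 :: Cluster01:admin :: volume-mount :: Success:
Tue Apr 23 2024 09:21:28 -04:00 [kern_audit:info:3646] 8003ec000029102a:8003ec000029102b :: Cluster01:ssh :: 10.10.0.10:51045 :: Cluster01:admin :: Logging in :: Success
"""

HEADER = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}) "
    r"\[(?P<tag>[^\]]+)\] (?P<body>.+)$")

def parse_audit_line(line):
    """Return a dict for one audit line, or None if it does not fit the layout."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = [f.strip() for f in m["body"].split(" :: ")]
    if len(fields) < 6:
        return None
    # Field names are assumptions inferred from the article's examples.
    ids, app, source, account = fields[:4]
    state, _, detail = fields[-1].partition(":")   # "Success:" -> "Success"
    host, _, port = source.rpartition(":")         # "localhost:unknown" is valid
    return {
        "time": datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S %z"),
        "tag": m["tag"],
        "ids": ids.split(":"),
        "application": app.rpartition(":")[2],
        "source_host": host,
        "source_port": port,
        "user": account.rpartition(":")[2],
        "command": " :: ".join(fields[4:-1]),      # tolerate " :: " in a command
        "state": state.strip(),
        "detail": detail.strip(),
    }

def commands_by_origin(text):
    """Group commands by (user, application, source host); skip unparsable lines."""
    grouped = defaultdict(list)
    for line in text.splitlines():
        rec = parse_audit_line(line)
        if rec:
            grouped[(rec["user"], rec["application"], rec["source_host"])].append(
                (rec["time"].isoformat(), rec["command"], rec["state"]))
    return dict(grouped)
```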
Additional Information