Syslog Server Reports Traffic from Intercluster LIF

Last updated

Mar 27, 2025
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 564

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:: 3/27/2025, 12:21:23 PM

Applies to

ONTAP 9
Syslog Server

Issue

Route get to the syslog server indicates that the traffic is being delivered from Cluster/Node management as expected
From the syslog server it is reported as coming from the intercluster LIF IP
- systemshell * sudo route get <SyslogIP>
- interface: e0M (Cluster/Node management port)
EMS reports errors:
- Dec 6 13:23:05 (Intercluster IP) [netapp01-a01:wafl.vol.snap_create.done:info]: type="Volume", owner="", vol="CustomerFiles", app="", volident="@vserver:111a01a1-a111-11aa-aa11-a111aa1a11a1", run_time="1111111"
Cluster Log forwarding shows forwarding to Syslog Server:

la-clust1::*> cluster log-forwarding show Verify Syslog Destination Host Port Protocol Server Facility ------------------------ ------ --------------- ------ -------- 172.25.200.123 514 udp-unencrypted false user IPspace: Default 172.25.201.124 514 udp-unencrypted false user IPspace: Default 172.25.202.125 514 udp-unencrypted false user IPspace: Default 3 entries were displayed