This post is more than 5 years old
178 Posts
2
20411
Syslog configuration for Isilon
We are configuring Isilon to send syslog information to splunk servers. Could any one suggest how can I perform this or any document refering to this.
Thanks
This post is more than 5 years old
178 Posts
2
20411
We are configuring Isilon to send syslog information to splunk servers. Could any one suggest how can I perform this or any document refering to this.
Thanks
Top
cincystorage
467 Posts
3
February 20th, 2013 13:00
You've got two options.. You can modify the syslog.conf file like you would any FreeBSD box. The biggest different is restarting the syslogd process on all nodes of the cluster either manually or by doinga :
isi_for_array -sq 'killall -HUP syslogd'
The other, and easier, option might be hte "isi_log_server" command which will do the same thing as editing the syslong.conf file... The syntax is:
isi_log_server add [filter]
The filter syntax is the same as syslog.. The default is "*.warn;*.notice;kern.*;ifs.info;istat.none""
Just make sure the remote server is setup to allow remote logging.
ude1
7 Posts
0
February 21st, 2013 04:00
Thanks mmay.
Tried it on two clusters. It works!
ude1
7 Posts
0
February 21st, 2013 05:00
I'm not the thread starter :-)
cincystorage
467 Posts
0
February 21st, 2013 05:00
No Problem. Glad it works! Don't forget to mark your question as answered so other people can find the answer easily.
asafayan1
31 Posts
0
November 25th, 2014 13:00
Hi,
I'm trying to configure all syslog level 4 / warning and above with the following syntax but it is failing. What am I doing wrong?
# isi_log_server add 172.19.39.70 *.warn;
zsh: no matches found: *.warn
Does anyone have any recommended syslog level to configure on the Isilon platforms?
TIA,
Amir
Peter_Sero
1.2K Posts
2
November 25th, 2014 20:00
# isi_log_server add 172.19.39.70 '*.warn;'
i.e. enclose the last parameter in quotes ' '
otherwise the shell looks out for filenames matching *.warn,
which is not want you here.
Cheers
-- Peter
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
April 28th, 2016 14:00
This article may also be helpful, especially if you want to just enable forwarding of audit logs: https://support.emc.com/kb/304052
vyasakshay
14 Posts
0
March 1st, 2017 02:00
I am getting the audit events for one zone but i am not getting it for other.
i have enabled audit protocol for that zone.
what might be the problem?
Rao M
1 Message
0
April 17th, 2020 08:00
Thanks, This worked.
How can I send Encrypted logs to Syslog server using port 6514?
Thanks
Rao