Highlighted
MH2410
1 Copper

syslog forwarding onefs 8.1.0.4 not working

Jump to solution

We just installed our new Isilon-Cluster and we would like to forward our syslog messages (auditing) to our rsyslog-server. The rsyslog-server is reachable by pinging and all ports (514) are opened. The local auditing is working on our Isilon-Cluster, but they arent forwarded to the rsyslog-server. We have tested the rsyslog-server with another linux client and the server receives all messages.

Here is our current configuration of the Isilon-Cluster:



isi audit settings view

Audit Failure: create, delete, get_security, read, write

Audit Success: close, create, delete, get_security, read, write

Syslog Audit Events: close, create, delete, read, write

Syslog Forwarding Enabled: Yes

isi audit settings global view

Protocol Auditing Enabled: Yes

Audited Zones: XY

CEE Server URIs: -

Hostname: -

Config Auditing Enabled: Yes

Config Syslog Enabled: Yes

/etc/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none @Server-rsyslog

!audit_config

*.* /var/log/audit_config.log

*.* @Server-rsyslog

!audit_protocol

*.* /var/log/audit_protocol.log

*.* @Server-rsyslog

isi_log_server list

LOGSERVER FILTER

Server-rsyslog *.warn;*.notice;kern.*;ifs.info;istat.none

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
ed_wilts
2 Iron

Re: syslog forwarding onefs 8.1.0.4 not working

Jump to solution

Put your info into /etc/mcp/override/syslog.conf

# cat /etc/mcp/override/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none              @syslogserver.example.com

0 Kudos
2 Replies
ed_wilts
2 Iron

Re: syslog forwarding onefs 8.1.0.4 not working

Jump to solution

Put your info into /etc/mcp/override/syslog.conf

# cat /etc/mcp/override/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none              @syslogserver.example.com

0 Kudos
MH2410
1 Copper

Re: syslog forwarding onefs 8.1.0.4 not working

Jump to solution

Thanks, this change solved the problem.

0 Kudos