Isilon

Last reply by 09-09-2022 Solved
Start a Discussion
2 Bronze
2 Bronze
4624

syslog forwarding onefs 8.1.0.4 not working

We just installed our new Isilon-Cluster and we would like to forward our syslog messages (auditing) to our rsyslog-server. The rsyslog-server is reachable by pinging and all ports (514) are opened. The local auditing is working on our Isilon-Cluster, but they arent forwarded to the rsyslog-server. We have tested the rsyslog-server with another linux client and the server receives all messages.

Here is our current configuration of the Isilon-Cluster:



isi audit settings view

Audit Failure: create, delete, get_security, read, write

Audit Success: close, create, delete, get_security, read, write

Syslog Audit Events: close, create, delete, read, write

Syslog Forwarding Enabled: Yes

isi audit settings global view

Protocol Auditing Enabled: Yes

Audited Zones: XY

CEE Server URIs: -

Hostname: -

Config Auditing Enabled: Yes

Config Syslog Enabled: Yes

/etc/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none @Server-rsyslog

!audit_config

*.* /var/log/audit_config.log

*.* @Server-rsyslog

!audit_protocol

*.* /var/log/audit_protocol.log

*.* @Server-rsyslog

isi_log_server list

LOGSERVER FILTER

Server-rsyslog *.warn;*.notice;kern.*;ifs.info;istat.none

Labels (4)
Solution (1)

Accepted Solutions
3 Argentum
4260

Put your info into /etc/mcp/override/syslog.conf

# cat /etc/mcp/override/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none              @syslogserver.example.com

View solution in original post

Replies (5)
3 Argentum
4261

Put your info into /etc/mcp/override/syslog.conf

# cat /etc/mcp/override/syslog.conf

*.warn;*.notice;kern.*;ifs.info;istat.none              @syslogserver.example.com

2 Bronze
2 Bronze
4260

Thanks, this change solved the problem.

1204

Hello , we are having your exact same issue with receiving logs from isilon to a syslog server. Hoping we could validate our syslog.conf configuration. this is out syslog conf  below. Thank you

*.warn;*.notice;kern.*;ifs.info;istat.none @172.X.X.X
auth.* @172.X.X.X
!audit_config
*.* /var/log/audit_config.log
*.* @172.X.X.X
!audit_protocol
*.* /var/log/audit_protocol.log
*.* @172.X.X.X

1201

Hi,

It looks fine. Are you having the error with that config?


Thanks,

DELL-Josh Cr
Social Media and Communities Professional
Dell Technologies | Enterprise Support Services
#IWork4Dell

Did I answer your query? Please click on ‘Accept as Solution’. ‘Kudo’ the posts you like!

118

This worked for me.
Thanks!

HectorB.

Latest Solutions
Top Contributor