Hi,

Thanks for your question.

Which Onefs version is are you on? Try restarting syslogd isi_for_array 'pkill -SIGUSR1 syslogd

Let us know if you have any additional questions.

@DELL-Josh Cr​ 

OneFS 9.7.  I use /etc/rc.d/isi_syslogd restart to restart the syslog service.

Try https://dl.dell.com/content/manual56407880-powerscaleonefs-cli-command-reference.pdf?language=en-us Page 62

isi audit settings global modify --config-syslog-servers

instead of editing the files.

@DELL-Josh Cr

Thanks for the reply.  When I use the CLI as you suggested, I also have to enable TLS for events to show up in Splunk. However, these events show up as hex code.

Any nonstandard characters? https://splunk.my.site.com/customer/s/article/UTF-8-characters-are-being-hex-encoded-in-Splunk-logs

@Dan Adams​ 
Did you get this resolved?  I am seeing the same thing.

Hi,

Thanks for your question.

Which version are you running? Did you do the troubleshooting in this thread already?

Let us know if you have any additional questions.

@DELL-Josh Cr​ No non-standard or international characters in play.  Log events (with no hex code) show up in Splunk via the default port (udp 514) when I use syslog.conf to define syslog servers. I just need to get these evens forwarded via a different port.