Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Configuring syslog logging


You can have HCP send system log messages to one or more syslog servers. You can also have HCP send access log messages about HTTP data access events or log messages about management API access requests to the syslog servers. When you send log messages to syslog servers, you can use tools in your syslog environment to perform functions such as sorting the messages, querying for certain events, or forwarding error messages to a mobile device.

Tenant-level administrators can choose to include tenant log messages along with the system log messages sent to the syslog servers.

If you identify any syslog servers to HCP, HCP also sends the results of diagnostic commands to those servers. For information on diagnostic commands, see Running diagnostics.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

System log messages sent to syslog servers


For each system log message about an event, HCP sends this information to the specified syslog servers:

A unique identifier for the system log entry.

A message segment number, if applicable. Messages that exceed 1,024 characters are split into two or more messages, all of which have the same log entry identifier. These message segments are numbered sequentially, starting with 0 (zero) for the first segment.

HCP sends at most 100 segments for a log message, for a total of 102,400 characters. Any text beyond that is not sent.

The message ID.

The date and time the event occurred.

The severity of the event.

The front-end network IP addresses and node number assigned to the node on which the event occurred.

If the event applies to a specific logical volume, the volume identifier.

The username and ID of the event initiator.

The full message text.

You can choose the severity level of the log messages to be sent. You can also choose whether or not to send messages about security events (that is, attempts to log into the System Management Console with an invalid username) and compliance events. Compliance events happen at the namespace level, so these messages are sent to the syslog servers only if syslog logging is enabled at the tenant level.

NoteWebHelp.png

Note: System log messages are not guaranteed to arrive at the syslog servers to which they’re sent. This is because the syslog protocol uses UDP for data transmission.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Enabling syslog logging


For HCP to send log messages through syslog, you need to specify the IP addresses of one or more syslog servers. Each syslog server IP address that you specify must be routable from the [hcp_system] network. For this reason, if you specify an IPv6 unique local address (ULA) for a syslog server, then the [hcp_system] network must be configured with an IPv6 ULA that can be used to connect to that syslog server. When you specify multiple servers, HCP sends log messages to all of the specified servers.

You also need to select the syslog local facility to which to direct the log messages. This selection applies to all the syslog servers that you specify.

You use the Syslog page in the HCP System Management Console to set up logging through syslog. You also use this page to test the connections to the syslog servers you specify.

To display the Syslog page, in the top-level menu of the System Management Console, select Monitoring Syslog.

RoleWebHelp.png

Roles: To view the Syslog page, you need the monitor, administrator, security, or compliance role. To configure syslog logging and test the connections to syslog servers, you need the administrator or security role.

To configure HCP to send log messages to syslog servers, on the Syslog page:

Specify syslog settings:

oSelect Enable syslog.

oTo include log messages about compliance events, select Send compliance events.

oTo include log messages about security events, select Send security events.

oIn the Send log messages at this level or higher field, select the severity level of messages to be sent to the specified syslog servers:

OFF tells HCP not to send any log messages.

NOTICE sends messages with a severity level of Notice, Warning, or Error.

WARNING sends messages with a severity level of Warning or Error.

ERROR sends only messages with a severity level of Error.

oIn the HTTP access Facility field, select the syslog local facility to which to direct log messages. The options are local0 through local7.

oTo include log messages about HTTP-based data access events, select Send log messages for HTTP-based data access requests. When you enable this option, HCP sends information to the syslog regarding data access requests that use the HTTP namespace access protocol.

oIn the MAPI access Facility field, select the syslog local facility to which to direct log messages. The options are local0 through local7.

oTo include log messages about management API request events, select Send log messages for management API requests. When you enable this option, HCP sends information to the syslog regarding request events that use the HCP management API.

Then click on Update Settings.

TipWebHelp.png

Tip: Before you submit your changes, you can test the connections to the specified syslog servers, as described in Testing syslog connections.

Specify one or more syslog server IP addresses. For each syslog server that you want to use with HCP, specify the IPv4 or IPv6 address that you want HCP to use to connect to that server.

You specify each syslog server IP address as a separate entry in the syslog server list. To add an IP address to the syslog server list:

1.In the Syslog Server IP Addresses field, type the IP address, optionally followed by a colon and a port number. If you omit the port number, HCP uses port number 514.

Each entry in this list must be a single IP address. IP address ranges and comma-separated lists are not valid.

2.Click on Add.

The specified IP address moves into the list below the field.

To remove an IP address from the syslog server list, click on the delete control ( DeleteControl.png ) for that IP address. To remove all the IP addresses from the list, click on Delete All.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

Testing syslog connections


At any time, you can test the connections to the syslog servers whose IP addresses appear on the Syslog page. Testing the connections causes HCP to send a message to the target IP addresses. To verify that the connections are working, you need to use your syslog tools to check that the message arrived.

The message HCP sends to the syslog servers has a severity level of Notice. Therefore, for the message to be sent successfully, the severity level of messages to be sent must be set to NOTICE.

To test the connections to the specified syslog servers:

1.On the Syslog page, click on Test. HCP sends this message to the syslog servers:

User username sent system log test message.

2.Check each syslog server to ensure that the message arrived.

If a syslog server doesn’t receive the message:

Check that you’ve correctly specified the target IP address.

Check that you can successfully ping the target IP address.

If you’re unable to determine the cause of the problem, contact your authorized HCP service provider for help.

© 2015, 2019 Hitachi Vantara Corporation. All rights reserved.

 

  • Was this article helpful?