Skip to main content

We've Moved!

Product Documentation has moved to docs.hitachivantara.com
Hitachi Vantara Knowledge

Configuring syslog logging

You can have HCP send system log messages to one or more syslog servers. You can also have HCP send access log messages about HTTP data access events or log messages about management API access requests to the syslog servers. When you send log messages to syslog servers, you can use tools in your syslog environment to perform functions such as sorting the messages, querying for certain events, or forwarding error messages to a mobile device.

Tenant-level administrators can choose to include tenant log messages along with the system log messages sent to the syslog servers.

If you identify any syslog servers to HCP, HCP also sends the results of diagnostic commands to those servers.

System log messages sent to syslog servers

For each system log message about an event, HCP sends this information to the specified syslog servers:

  • A unique identifier for the system log entry.
  • A message segment number, if applicable. Messages that exceed 1,024 characters are split into two or more messages, all of which have the same log entry identifier. These message segments are numbered sequentially, starting with 0 (zero) for the first segment.

    HCP sends at most 100 segments for a log message, for a total of 102,400 characters. Any text beyond that is not sent.

  • The message ID.
  • The date and time the event occurred.
  • The severity of the event.
  • The front-end network IP addresses and node number assigned to the node on which the event occurred.
  • If the event applies to a specific logical volume, the volume identifier.
  • The user name and ID of the event initiator.
  • The full message text.

You can choose the severity level of the log messages to be sent. You can also choose whether or not to send messages about security events (that is, attempts to log into the System Management Console with an invalid user name) and compliance events. Compliance events happen at the namespace level, so these messages are sent to the syslog servers only if syslog logging is enabled at the tenant level.

NoteSystem log messages are not guaranteed to arrive at the syslog servers to which they’re sent. This is because the syslog protocol uses UDP for data transmission.

Enabling syslog logging

For HCP to send log messages through syslog, you need to specify the IP addresses of one or more syslog servers. Each syslog server IP address that you specify must be routable from the [hcp_system] network. For this reason, if you specify an IPv6 unique local address (ULA) for a syslog server, then the [hcp_system] network must be configured with an IPv6 ULA that can be used to connect to that syslog server. When you specify multiple servers, HCP sends log messages to all of the specified servers.

You also need to select the syslog local facility to which to direct the log messages. This selection applies to all the syslog servers that you specify.

You use the Syslog page in the HCP System Management Console to set up logging through syslog. You also use this page to test the connections to the syslog servers you specify.

To display the Syslog page, in the top-level menu of the System Management Console, select Monitoring Syslog.

NoteTo view the Syslog page, you need the monitor, administrator, security, or compliance role. To configure syslog logging and test the connections to syslog servers, you need the administrator or security role.

To configure HCP to send log messages to syslog servers, on the Syslog page:

  • Specify syslog settings:
    • Select Enable syslog
    • To include log messages about compliance events, select Send compliance events.
    • To include log messages about security events, select Send security events.
    • In the Send log messages at this level or higher field, select the severity level of messages to be sent to the specified syslog servers:
      • OFF

        tells HCP not to send any log messages.

      • NOTICE

        sends messages with a severity level of Notice, Warning, or Error.

      • WARNING

        sends messages with a severity level of Warning or Error.

      • ERROR

        sends only messages with a severity level of Error.

    • In the HTTP access Facility field, select the syslog local facility to which to direct log messages. The options are local0 through local7.
    • To include log messages about HTTP-based data access events, select Send log messages for HTTP-based data access requests. When you enable this option, HCP sends information to the syslog regarding data access requests that use the HTTP namespace access protocol.
    • In the MAPI access Facility field, select the syslog local facility to which to direct log messages. The options are local0 through local7.
    • To include log messages about management API request events, select Send log messages for management API requests. When you enable this option, HCP sends information to the syslog regarding request events that use the HCP management API.

      Then click Update Settings.

      TipBefore you submit your changes, you can test the connections to the specified syslog servers.
  • Specify one or more syslog server IP addresses. For each syslog server that you want to use with HCP, specify the IPv4 or IPv6 address that you want HCP to use to connect to that server.

    You specify each syslog server IP address as a separate entry in the syslog server list.

Adding an IP address to the syslog server list

You can add an IP address to the syslog server list.

Before you begin

To view the Syslog page, you need the monitor, administrator, security, or compliance role. To configure syslog logging and test the connections to syslog servers, you need the administrator or security role.

Procedure

  1. In the Syslog Server IP Addresses field, type the IP address, optionally followed by a colon and a port number.

    If you omit the port number, HCP uses port number 514.

    Each entry in this list must be a single IP address. IP address ranges and comma-separated lists are not valid.

  2. Click Add.

    The specified IP address moves into the list below the field.

Next steps

To remove an IP address from the syslog server list, click the delete control (Delete control icon) for that IP address. To remove all the IP addresses from the list, click Delete All.

Testing syslog connections

At any time, you can test the connections to the syslog servers whose IP addresses appear on the Syslog page. Testing the connections causes HCP to send a message to the target IP addresses. To verify that the connections are working, you need to use your syslog tools to check that the message arrived.

The message HCP sends to the syslog servers has a severity level of Notice. Therefore, for the message to be sent successfully, the severity level of messages to be sent must be set to NOTICE.

Before you begin

To view the Syslog page, you need the monitor, administrator, security, or compliance role. To configure syslog logging and test the connections to syslog servers, you need the administrator or security role.

Procedure

  1. On the Syslog page, click Test.

    HCP sends this message to the syslog servers:
    User username sent system log test message.
  2. Check each syslog server to ensure that the message arrived.

Next steps

If a syslog server doesn’t receive the message:
  • Check that you’ve correctly specified the target IP address.
  • Check that you can successfully ping the target IP address.
  • If you’re unable to determine the cause of the problem, contact your authorized HCP service provider for help.

 

  • Was this article helpful?