Skip to main content
Hitachi Vantara Knowledge

Event logging and notification

The server provides a comprehensive event logging and alert mechanism and auxiliary devices in the storage subsystem automatically direct any events and SNMP traps to the server (or can be configured to do so).

All event messages generated by the server (including those issued by its auxiliary devices) are logged into an event log, which can be downloaded and cleared by the system administrator. The event log provides a record of past events that have occurred on the server, for use in trend/fault analysis.

Event message severity can be changed, and messages can be suppressed entirely, using the event-log-filter command . Using event-log-filter, you can specify that a command is to be run whenever a specified message is logged. For more information on the event-log-filter command, enter man event-log-filter, or refer to the Command Line Reference.

The server can also be configured for automated notification according to predefined severity categories, including daily summary and status notification. With automated notification enabled, the system will notify selected personnel when an event is generated, based on the level of severity of the event. 24x7 automated notifications allow customer support personnel to proactively monitor the health of the system and address any issues that may arise.

Using the event log

The server continuously monitors temperature, fans, power supply units, and disk drives in the cabinet. Each time an event occurs (for example, a disk failure or a possible breach of security, the system records it in an event log). The event log can be displayed, filtered, and saved as a permanent record.

The log can contain a maximum of 10,000 events. Once the event log limit has been reached, each new event replaces the oldest event in the log.

Displaying and filtering the event log

  1. Navigate to Home Status & Monitoring Event Log to display the Event Log Management page.

  2. Click filter to open the Filter dialog.

    • In a cluster, specify the cluster node for which to display the log. In the Cluster Node field, you can select the specific node or All Cluster Nodes.
    • In the Event Category field, select the type of events to be included in the log: All events, System events, or Security events.

      System events are events that the system components have logged, such as the failure of a drive. Security events track changes to the security system and identify possible breaches of security.

    • You can specify an Event ID that you want included in the log.
    • You can specify an Event Description that you want included in the log.
    • Select the severity level of the events you want included in the log by selecting one or more of the check boxes: Information, Warning, or Severe. The Severe level includes any Critical events.
    • Click OK to filter the log events being displayed according to the filter criteria you specified.
  3. Click an event to display the cause and resolution.

  4. Click refresh cache to clear the SMU's cache, and then repopulate the cache with the relevant objects.

    Note that this is different than clicking the browser refresh button, which picks up any recent updates without clearing the cache.
  5. Click Download Log to download the log to your computer, then you can print or save to a text file.

    Click Clear Event Log to empty the log.

Configuring critical events

There are three default levels of events logging (Information, Warning and Severe). However, it is possible to assign an event type to a level named 'Critical'. To map an event type to this level, use the event-log-filter command, using 'c' as the level specifier.

Any events which are mapped to 'Critical', appear:

  • On the Event Log page on the NAS Manager.
  • In the Windows Event Viewer as an 'error'.
  • In the event-log-show CLI command.

The event log filters are applied retrospectively. Any event which is mapped to 'Critical', appears as this type even if it was originally logged under another level.

Alerts

To use alerts with critical events, use the CLI or NAS Manager to configure the Email, SNMP and Syslog alerts to trigger on Severe events. If alerts are configured to trigger for a Severe event, they also then trigger for a Critical event.

NoteThis event level applies to the whole cluster.

Configuring event notifications

The server can be configured for automatic notification of selected users when particular types of system events occur. Once warned of an event, these users can run SMU to diagnose the problem remotely, with a direct connection or virtual private link to the network.

The event notification can take three forms:

  • An email message, which the system sends through an SMTP server.
  • An SNMP trap, to notify a central Network Management Station (NMS) of any events generated by the server; for example, HP OpenView.
  • A syslog alert enables you to send alerts from a server to a UNIX system log (the UNIX system must have its syslog daemon configured to receive remote syslog messages).
NoteWith any form of event notification, best practice is to set a notification frequency of Immediately for the most serious alert type (Severe) and to send these alerts to at least two users.

Using email alerts

The server can be configured to send emails to specified recipients to alert them on system events. Setting up email alerts requires configuring:
  • SMTP Servers. The servers on the network to which the reporting server should email alerts.
  • Email Profiles. Email profiles allow distribution groups to be created, so that email recipients are properly notified based on alert threshold criteria.

    The server allows classification of email recipients into specific profiles, so that they can receive customized alerts with the depth of focus they require.

    For instance, profiles can define different tiers of user responsibility for the server, such that recipients in one profile will only receive alerts on Severe events, while recipients in a second profile receive alerts on Warning and Severe events, and recipients in a third profile get summary emails on all events. In a large user group, dividing these users into separate profiles saves time and simplifies event notification.

Procedure

  1. Navigate to Home Status & Monitoring Email Alerts Setup to display the Email Alerts Setup page.

    Field/Item Description
    SMTP Server IP/Name Type the host name or IP address of the primary mail server. This should be the organization's usual mail server, not the SMU 's private (eth1) IP address. The server specified as the SMTP Server will be used for email alert notification.

    It is only possible to configure one SMTP server. The NAS server honors any existing secondary SMTP servers until the primary SMTP server is changed. The NAS server then removes the secondary SMTP server.

    Send Email "From" Indicates who sent the email, and appears in the "from" header when the email is viewed by the recipient. Specify a descriptive name that will indicate the server, cluster, or SMU from which the email is sent.

    If no name is configured, then the NAS server applies a default name (admin@server name).

    apply Saves the SMTP and Send Email "From" settings.
    Profile Name A descriptive name for the profile.

    Note The SupportProfile cannot be disabled or deleted and it is not possible to add a new profile with this name. On a NAS module, use this profile to ensure that emails are sent to the same recipients by both file and block.
    Enabled Indicates whether the profile is enabled.
    Applies to SMU Indicates whether the selected email profile applies to the SMU.

    NoteThis applies only to an internal SMU.
    Immediate Alerts This indicates when immediate email alerts will be sent to the recipients in the profile. You should send immediate email alerts for any severe event. You can choose to send immediate alerts on Severe (S), Warning (W), or Informational (I) events. Severe alerts include any Critical events.
    Summary Alerts This indicates when summary email alerts will be sent to the recipients in the profile. Summary alerts are sent once or twice per day, as defined in the profile details. You can choose to send summary alerts on Severe (S), Warning (W), or Informational (I) events. Severe alerts include any Critical events.
    Recipients The email addresses to which alert emails are sent, as defined in the profile definition.
    details Displays the details of the email profile by opening the SMTP Email Profile page.
    Check All Selects all email profiles in the list.
    Clear All Deselects all email profiles in the list.
    add Opens the Add Email Profile page so you can add a new email profile.
    delete Deletes the selected email profile.
    Configure Email Forwarding (HNAS server only) Opens the SMTP Configuration page so you can edit email server information or add an email server.
  2. Specify the SMTP server information in the provided fields.

  3. In the Send Email From field, specify a name/identifier as the sender.

    When setting up a new server/cluster, it is important to specify a sender/identifier for the From field of the email.
  4. Optionally, manage existing email profiles as follows:

    • Click details to display the SMTP Email Profile page, in which you can enable, disable, or edit the email profile. It is not possible to disable the SupportProfile.
    • Click add to display the Add Email Profile page, in which you can create a new email profile.
    • Select the check box for the email profile you want to delete, and click delete to remove the selected email profile. It is not possible to delete the SupportProfile.
    • Click configure email forwarding to display the SMTP Configuration page, which allows you to specify the host name of the email server to which the SMU can send and relay event notification emails.
      NoteThis link appears only on clusters with an external SMU.

Daily status emails

A NAS Platform system is made up of multiple components. To get an accurate description of the overall status of the various components of the storage system, two daily status emails are generated:

  • Daily status email from the server. The server's daily status email contains logs of server performance and battery health, descriptive information regarding the health of the server and storage subsystem, and current space utilization by the file systems.

    This email is sent to all recipients in all mail profiles in which the Send a Daily Status Email at midnight option has been selected.

  • Daily status email from the SMU. The SMU's daily status email contains a list of the SMU's managed servers and their current firmware versions. It also contains the SMU's current software version. The SMU and server names are links that can be clicked to manage the specified server. The email also provides the ID, model, type (for example, single node or cluster node), and status information about servers.
  • SMU diagnostic emails. The SMU sends all configured email recipients a diagnostic email when any of the following events occur:
    • The server has unexpectedly rebooted.
    • If enabled, once per day at a specified time.

    These diagnostic emails contain details regarding the servers, storage, and FC switches managed by the SMU. The details in these diagnostic mails can be useful to Hitachi Vantara (should its assistance be required).

    Enabling monthly call home emails is also a good practice. When enabled, the SMU sends a full set of server, SMU, and storage diagnostics to Hitachi Vantara once per month, on a randomly selected day. These monthly emails provide an archive of the complete configuration of the storage system, which can aid in the detection of problems, provide background diagnostic information and, if necessary, provide a known good configuration for restoration.

    NoteWhen the monthly diagnostic email is first enabled, an initial email is sent at midnight that night, allowing you to verify that the email configuration is set up correctly.

Adding an email profile

  1. Navigate to Home Status & Monitoring Email Alerts Setup, and click add to display the Add Email Profile page.

    Field/Item Description
    Settings Used By Server and SMU
    Profile Name Select a name for the profile being created.

    Note The SupportProfile cannot be disabled or deleted and it is not possible to add a new profile with this name. On a NAS module, use this profile to ensure that emails are sent to the same recipients by both file and block.
    Enable Profile Select the check box to enable the profile, or leave it inactive.
    Send HTML Emails Select this check box to receive emails in HTML format. HTML emails are easier to read compared to plain text mails, and this provides easy access to the web UI, because the server name in the email is clickable.
    Add Recipient Enter the email address of the recipient to be added to the profile. Click Add to add the specified recipient to the list of recipients for this email profile.
    Recipients Displays a list of email addresses that will receive emails based on this profile. To delete a recipient from the list, select the email address and click X.
    Server-Specific Settings
    Send a Daily Status Email at Midnight By default, the Send a Daily Status Email at Midnight check box is selected. Detailed emails containing logs of server performance and battery health, descriptive information regarding the health of the server and storage subsystem, and the current space utilization of the file systems will be sent to the specified recipient. To avoid sending daily status emails, clear the check box.
    Uuencode Diagnostic Emails Select this check box to uuencode the email attachments sent with the mail that the server automatically sends when it restarts after an unplanned shutdown. This message contains diagnostic information that may help recipients to identify the cause of the problem. By uuencoding the message any virus scanning software at the recipient's site will be bypassed.
    Max. Email Length Limit the size of the email by specifying the maximum number of bytes it can contain. It must be stated numerically, such as: 32768.
    Exclude Attachments Select this check box to prevent attachments from being sent when daily summary emails are sent.
    Disclose Server Details in Emails By default, the Disclose Server Details in Emails check box is selected. Detailed emails containing restricted or confidential information (account names, IP addresses, portions of user data, an so forth) will be sent to the specified recipient. To avoid sending detailed emails, clear the check box.
    Email Intro Text Custom text to add to the body of the email. You can use this text field to add information or comments to the body of the email. If you are sending HTML emails, you can add basic HTML formatting (italics, bold, new lines and paragraphs, and so on) to the email, and the additional text will be displayed according to the formatting you entered.
    When to Send Emails
    Severe/Warning/Information Select the preferred option for the chosen recipient from the menu:
    • Immediately
    • Summary
    • Never
    Send Summaries At Set the time when summary emails should be sent. Set the exact time (hh:mm) in a 24-hour format (for example, 2 PM will be set as 14:00). A second summary can also be sent by entering a time in the second box.
    Send Empty Summary Alert Emails By default, this check box is selected, meaning that empty summary alert emails will be sent to the specified recipient. To avoid sending empty summary emails, clear the check box.
    Ignore NDMP Events in Immediate Emails Select this check box to prevent emails from being sent when events are generated by the NDMP backup system.
    SMU-Specific Settings
    Use this profile as the SMU's profile Select the check box to use this profile as the SMU's profile.
    Custom From Address For emails that will be sent by this SMU, enter the address that you want listed as the sender's email address. Note that this field is not available for internal SMUs.
    Send Daily Summary At Set the time when SMU daily status emails should be sent. Set the exact time (hh:mm) in a 24-hour format (i.e. 2 PM will be set as 14:00). To avoid sending daily status emails, clear the field.
  2. Verify your settings, and click OK to save, or cancel to decline.

Managing email alerts and profiles

The Email Alerts Setup page can be used to delete a profile or modify its properties.

Procedure

  1. Navigate to Home Status & Monitoring Email Alerts Setup, select a profile, and click details to display the SMTP Email Profile page.

    Field/Item Description
    Profile Name Select a name for the profile being created.
    Enabled Select the check box to enable the profile, or leave it inactive.
    Uuencode Diagnostic Emails Select this check box to uuencode email attachments. By uuencoding the message, any virus scanning software at the recipient’s site will be bypassed.
    Send HTML Emails Select this check box to receive emails in HTML format. HTML emails are easier to read compared to plain text mails, and this provides easy access to the web UI, because the server name in the email is clickable.
    Send Empty Emails By default, the Send Empty Emails check box is selected. Empty summary emails will be sent to the specified recipient when this is selected. To avoid sending empty summarized emails, clear the check box.
    Disclose Email Details to the recipient By default, the Disclose Email details to the recipient check box is selected. Detailed emails containing restricted or confidential information (account names, IP addresses, portions of user data, an so forth) will be sent to the specified recipient. To avoid sending detailed emails, clear the check box.
    Send a Daily Status Email By default, the Send a Daily Status Email check box is selected. Detailed emails containing logs of server performance and battery health, descriptive information regarding the health of the server and storage subsystem, and the current space utilization of the file systems will be sent to the specified recipient. To avoid sending daily status emails, clear the check box.
    Ignore NDMP events in immediate emails Select this check box to prevent emails from being sent when events are generated by the NDMP backup system.
    Exclude Attachments in Daily Summary Emails Select this check box to prevent attachments from being sent when daily summary emails are sent.
    Max. Email Length Limit the size of the email by specifying the maximum number of bytes it can contain. It must be stated numerically, such as: 32768.
    When to Send Emails
    Severe/Warning/Information Select the preferred option for the chosen recipient from the menu:
    • Immediately
    • Summary
    • Never

    NoteSevere alerts include any Critical events.
    SMU-Specific Settings
    Use this profile as the SMU’s profile Select the check box to use this profile as the SMU's profile.
    Send Email From For emails that will be sent by this SMU, enter the address that you want listed as the sender's email address. Note that this field is not available for internal SMUs.
    Enable Monthly Call Home Emails Select the check box to enable monthly call home emails. Clear the check box if you do not to receive monthly call home emails.
    Send Summaries At Set the time when summary emails should be sent. Set the exact time (hh:mm) in a 24-hour format (for example, 2 PM will be set as 14:00). A second summary can also be sent by entering a time in the second box.
    Email Intro Text Custom text to add to the body of the email. You can use this text field to add information or comments to the body of the email. If you are sending HTML emails, you can add basic HTML formatting (italics, bold, new lines and paragraphs, and so on) to the email, and the additional text will be displayed according to the formatting you entered.
    Recipients Displays the current recipient's email address.
    Add Recipient Enter the email address of the recipient about to be added to the profile. Click Add to add the specified recipient to the current profile. Click X to delete the selected recipient from the current profile.
  2. Modify the profile by selecting the desired alert options from the menus and check boxes.

  3. Verify your settings, and click OK to save, or cancel to decline.

Using SNMP and syslog

The Simple Network Management Protocol (SNMP) is a standard protocol for managing connected network devices. An SNMP agent can be set up so that Network Management Stations (NMS) or SNMP managers can access its management information.

The server supports SNMP v1, v2c, and v3.

SNMP statistics

SNMP statistics (per port and overall in 10-second time slices) are available for activity since the previous reboot, or since the point when statistics were last reset.

Management information base (MIB)

The SNMP agent maintains a Management Information Base (MIB) that is organized in a treelike structure, with each item of data having a unique object identifier (OID) that is written as a series of numbers separated by dots.

The storage server SNMP agent not only supports the MIB-II specification as described in RFC1213, but also provides an Enterprise MIB module, making management facilities available beyond those in the MIB-II specification. Download the Enterprise MIB module from the NAS Manager (Home Server Settings SNMP Access Configuration), or contact customer support for the latest Enterprise MIB module. The Enterprise MIB module is defined in two modules, BLUEARC-SERVER-MIB and BLUEARC-TITAN-MIB.

NoteThe NAS server MIB provides information about its own hardware and software. The server MIB cannot provide information about other external hardware, including RAID controllers, physical disks, FC switches, and so on. Those devices provide their own MIBs to monitor such hardware.

Implementing SNMP security

The SNMP agent is provided for monitoring purposes only; it provides read-only access. By default, the SNMP agent does not permit access to the management information base (MIB). Access is enabled by specifying:
  • The version of the SNMP protocol with which requests must comply.
  • The community names of the SNMP hosts and their associated access levels.
  • The IP address or name of hosts from which requests can be accepted (or just choose to accept requests from any host).

Procedure

  1. Navigate to Home Server Settings SNMP Access Configuration.

    Field/Item Description
    SNMP Protocol Support

    Using the radio buttons at the top of the page, select the version of the SNMP protocol with which hosts must comply when sending requests to the agent, or alternatively, disable the SNMP agent.

    Accept SNMP Packets On Port

    Enter the port number that the server monitors for communication through the SNMP protocol. The default port number is 161.

    Restrict Access To Allowed Hosts

    Select this check box to restrict protocol access to the hosts specified on this page. Clear the check box to enable the protocol to access any host.

    Allowed Hosts

    To permit requests from authorized hosts only, type the IP address of a host in this field, then click Add to include it in the list. If the system has been set up to work with a name server, you can type the name of the SNMP manager host rather than its address.

    NoteIf access is restricted to specified hosts, add the SMU as an allowed host.

    To remove a host from the list, select the host you want to remove, then click Delete.

    Allowed Communities

    Type the name of a community (a password) that will provide authentication into the MIB, and then click Add to include it in the list. Community names are case-sensitive.

    NoteYou should define at least one community entry.

    To remove a community from the list, select the host you want to remove, then click Delete.

    apply Saves configuration changes.
    Download SNMP MIB modules Click to download the MIB modules in a compressed format onto the local machine.
  2. Verify your settings, and click apply to save your changes.

Sending SNMP traps

A trap is unsolicited information that the SNMP agent sends to a manager. The trap enables the agent to alert the manager to an unusual system event. The SNMP agent supports the following set of traps:
  • AuthenticationFailure. Indicates that the SNMP agent received a request from an unauthorized manager. Either the manager used an incorrect community name or the agent has been set up to deny access to the manager.
  • ColdStart. Indicates that the SNMP agent has started or been restarted.
  • LinkUp.Indicates that the status of an Ethernet link has changed from Down to Up.
NoteSNMP v1 traps are not defined as objects within the MIB tree.

Procedure

  1. Navigate to Home Status & Monitoring SNMP Traps Setup.

    Field/Item Description
    Notification Frequency Using the list, select the notification frequency for each type of alert:
    • Severe Alerts: The specified component has failed in a way that poses a significant threat to the continued operation of the system. This level includes Critical alerts.
    • Warning Alerts: The specified component needs attention but does not necessarily represent an immediate threat to the continued operation of the system.
    • Information Alerts: The specified component is operating normally and is not displaying an alarm condition.
    SNMP Traps
    Send Traps to Port Enter the port number that the server uses to send traps. The default port number is 162.
    Send traps upon authentication failure (HNAS server only) Select this check box if the SNMP agent is to send a trap in the event of an authentication failure (caused, for example, by the SNMP host using an incorrect community string when formulating a request).
    Trap Recipients In this area, enter the hosts to which this server will send traps.

    In the Host field, enter the IP address of an SNMP host to associate with each community. If the system has been set up to work with a name server, you can type the name of the SNMP manager host rather than its address.

    In the Community field, type the name of the SNMP community (community names are case-sensitive).

    Click Add to save the information in the list.

    You can delete an entry in the list by selecting it and clicking the X.

    NoteThe NAS server supports a maximum of 32 SNMP communities, each with up to 32 hosts. Existing trap destinations in excess of this number are honored, but it is not possible to add more than 32.
    apply Saves the settings.
  2. Enter the necessary information, and then click apply.

Configuring syslog notifications

You can use syslog notification to send a syslog alert from the server to a UNIX system log when three types of events occur. The UNIX system must have its syslog daemon configured to receive remote syslog messages.

Procedure

  1. Navigate to Home Status & Monitoring Syslog Alerts Setup.

    Field/Item Description
    Notification Frequency Select the notification frequency for each type of alert:
    • Severe Alerts: The specified component has failed in a way that poses a significant threat to the continued operation of the system. This level includes Critical alerts.
    • Warning Alerts: The specified component needs attention but does not necessarily represent an immediate threat to the continued operation of the system.
    • Information Alerts: The specified component is operating normally and is not displaying an alarm condition.
    Syslog Servers In this area, enter the syslog servers to which this server will send alerts. In the first field, enter the IP address or host name of the syslog server, and click Add to save the address in the list. You can delete an entry in the list by selecting it, and clicking the X.
    apply Click to apply and save the configuration.
  2. Enter the necessary information.

Testing alert configurations

After setting up the alert configuration, send a test alert to all selected recipients.

Procedure

  1. Navigate to Home Status & Monitoring Send Test Event.

  2. Select the type of message to send from the list, enter a test message, and click test.

Clearing logs with Windows Event Viewer

The Windows Event Viewer utility allows clearing (deleting) events related to specific categories, such as 'system' or 'security.’

On a Windows server, when an administrator clears a particular category of events, only events in that category are deleted.

For the NAS server, however, when managing the NAS server event log using the Windows Event Viewer, you cannot delete only a particular category of events. If you try to clear only security or system event entries from the log, you actually clear all events (security and system) from the NAS server’s event log.