acoustic citrus
I'm looking for the best approach to logging NetApp ONTAP system logs into ElasticSearch for better analysis and monitoring. Can anyone share their experiences or recommend tools/methods for integrating NetApp logs into an Elastic stack?
We've already looked at using syslog, but we're not sure if this is the best way to go.
Any advice or recommendations would be greatly appreciated!
acoustic citrus
No one with feedback?
tidal vapor
ONTAP supports Syslog Forwarding out of the box. So that is probably the easiest way to go.
barren night
never had a need to, but..
https://discuss.elastic.co/t/ingesting-syslog-from-netapp-ontap/328170
or if you have the use of Data Infrastructure Insights https://docs.netapp.com/us-en/data-infrastructure-insights/task_config_telegraf_elasticsearch.html
but yea, syslog would be about the only way
pulsar pasture
you can also configure EMS webhooks, probably, but how that actually works is left as an exercise for the reader 😉 (read: I have not done this with ElasicSearch yet, but I know that sending EMS messages to REST endpoints in general works just fine)
solemn veldt
Please look here
https://docs.netapp.com/us-en/ontap-cli/event-notification-destination-create.html#parameters
older versions of ONTAP only support RFC-3164 (aka legacy-NetApp)
Newer versions also support RFC-5424
ONTAP can only send in one of these two formats when you create an “event notification destination”.
If you configure syslog and the format is wrong you may need to manipulate it.
Some syslog applications allow to you to modify each incoming source.
If you have an older version of ONTAP your stuck with RFC-3164
acoustic citrus
Thx for your feedback. The feedback confirmed that there is no other easy way. I'll go ahead with syslog 🤟
barren night
aye, goodluck