Set Syslog transfer of audit logs as follows. You can set up to two Syslog servers.
An audit log can contain up to 750,000 activities. If transfer to the Syslog server is enabled, a user is notified by an event log and audit log when the number of untransferred activities reaches 70% of the maximum and when it reaches 100%.
-
When using a DNS server, a storage node caches DNS inquiry results for the time (DNS TTL) set in the DNS server. For this reason, if the content registered in the DNS server (correspondence between the host name and IP address) is changed, the storage node might access an old address during DNS TTL. Therefore, if you have changed the content registered in the DNS server (correspondence between the host name and IP address), wait until the time specified for DNS TTL has passed, and then set Syslog transfer.
-
When syslog transfer of audit logs is set, VSP One SDS Block periodically sends ICMP echo requests to the set Syslog server to verify the network reachability.
-
(Virtual machine)(Bare metal)
In the audit log Syslog transfer settings, the source IP address is as follows:
-
If the representative IP address of the storage cluster is not set:
Control network IP address of the cluster master node (primary)
-
If the representative IP address of the storage cluster is set:
Representative IP address of the storage cluster or control network IP address of the cluster master node (primary)
The cluster master node (primary) might be changed to another storage node because of storage node failure or other reasons. To ensure that audit logs can be received in such cases, when registering a source IP address, set the representative IP address of the storage cluster and the IP addresses of all storage nodes for the control network.
-
-
(Cloud)
Syslog transfers from VSP One SDS Block do not pass through the load balancer, so the source IP address remains the IP address of each storage node for the control network. Therefore, when you register a source IP address, specify the IP address of each cluster master node for the control network, not the IP address assigned to the load balancer.
-
Required role: Security