Overview of event logs

Virtual Storage Platform One SDS Block System Administrator Guide

Version
1.16.x
Audience
anonymous
Part Number
MK-24VSP1SDS001-03

Each time an event that needs to be reported to the user occurs while the storage cluster is operating, VSP One SDS Block collects such an event and generates an event log. You can verify event logs to know what happened in the storage cluster.

An event log can contain up to 864,000 events. If this maximum limit is exceeded, the log is overwritten in first-in-first-out basis.

In addition, you can set the transfer destination of event logs to the Syslog server or SMTP server. Note that, transfer to the Syslog server and SMTP server requires you to run different respective commands. Event logs that are transferred to the SMTP server are sent as emails.

Event logs that are created after event log transfer setting are transferred to the Syslog server or SMTP server. Event logs created before event log transfer setting are not transferred.

Event logs transferred to the SMTP server are those whose severity is "Critical", "Error", or "Warning". The time from when an applicable event log is generated until an email is sent is approximately 1 minute and 20 seconds.

Note:
  • When the storage cluster is restarted or a storage node is recovered from maintenance, event logs that were issued before a failure might be reissued.

    An event log is issued when the storage cluster is performing some processing. However, if a failure occurs during the processing, the processing is passed to a normal storage node and is retried. As a result, the same event log might be issued.

  • (Cloud) Configure security group settings on the Syslog or SMTP server to allow the server to receive event logs according to Example security group settings for compute nodes in the VSP One SDS Block Cloud Setup and Configuration Guide.

Requirements for the Syslog server and SMTP server

  • Syslog server: Rsyslog 8 is supported.

  • SMTP server: The requirements for the SMTP server are as follows:

    • STARTTLS is supported.

    • SMTP authentication is supported.

    • At least one of CRAM-MD5, PLAIN, or LOGIN is supported as the SMTP authentication method.

    • TLS 1.2 is supported.

      The SMTP client that is used by the storage system for connection with the SMTP server uses only TLS1.2. However, you should disable vulnerable protocol versions (SSL2.0, SSL3.0, TLS1.0, and TLS1.1) in the SMTP server settings.

    • At least one of the following is supported as a TLS cipher suite.

      • (1) TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
      • (2) TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
      • (3) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      • (4) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      • (5) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      • (6) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

      - If the cipher suite requirements are not met, TLS connection to the SMTP server cannot be established.

      - For whether the SMTP server supports any of the preceding cipher suites, see the documentation for the SMTP server to be used.

      - You might need to specify the settings for key exchange (DHE or ECDHE) on the SMTP server according to the key exchange method (DHE or ECDHE) of the cipher suite to be used. For details about the settings to be specified, see the documentation for the SMTP server to be used.

      - The cipher suites that can be used differ depending on whether the server certificate set on the SMTP server is an RSA or ECC certificate. For an RSA certificate, the first to fourth cipher suites in the above can be used. For an ECC certificate, the fifth and sixth cipher suites in the above can be used. For details about how to set a server certificate on the SMTP server, see the documentation for the SMTP server to be used.

      - The SMTP client that is used by the storage system for connection with the SMTP server uses only the preceding cipher suites. However, you should disable the other vulnerable cipher suites on the SMTP server settings. Vulnerable cipher suites refer to the cipher suites shown in Appendix A. TLS 1.2 Cipher Suite Black List of RFC 7540.

  • If multiple server certificates are to be set on the SMTP server, they must be issued so that their authenticity can be proved by only one root certificate imported into the storage system.

    ( This requirement does not apply to the certificates for non-SMTP functions that are imported to VSP One SDS Block. )

  • SMTP client provided by VSP One SDS Block allows insecure renegotiation for backward compatibility.

    For TLS connection with SMTP server, it is recommended to use an SMTP server that complies with RFC5746.