Syslog Configuration

The Syslog Relay service provides two different functions on Oracle ZFS Storage Appliance:

  • Alerts can be configured to send Syslog messages to one or more remote systems. See Configuring Alerts.

  • Services on the appliance that are syslog capable will have their syslog messages forwarded to remote systems.

A syslog message is a small event message transmitted from the appliance to one or more remote systems (or as we like to call it: intercontinental printf). The message contains the following elements:

  • A facility describing the type of system component that emitted the message.

  • A severity describing the severity of the condition associated with the message.

  • A timestamp describing the time of the associated event in UTC.

  • A hostname describing the canonical name of the appliance.

  • A tag describing the name of the system component that emitted the message. See SYSLOG Alert Message Format for details of the message format.

  • A message describing the event itself. See SYSLOG Alert Message Format for details of the message format.

Syslog receivers are provided with most operating systems, including Oracle Solaris and Linux. A number of third-party and open-source management software packages also support Syslog. Syslog receivers allow administrators to aggregate messages from a number of systems onto a single management system and incorporate them into a single set of log files.

The Syslog Relay can be configured to use the "classic" output format described by RFC 3164, or the newer, versioned output format described by RFC 5424. Syslog messages are transmitted as UDP datagrams. They are therefore subject to being dropped by the network, or may not be sent at all if the sending system is low on memory or the network is sufficiently congested. Administrators should therefore assume that in complex failure scenarios in a network, some messages may have been dropped and will be missing.
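
As an added example (not part of the Oracle documentation), the following Python parser shows how a receiver can tell the two output formats apart and recover the facility, severity, timestamp, hostname, tag, and message from each datagram. The hostname, tag, and message text in the sample datagrams are constructed placeholders; the appliance's actual tag and message layout is defined in SYSLOG Alert Message Format.

```python
import re

# Facility and severity names by numeric code (RFC 5424 section 6.2.1).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
SD = r"(?:-|(?:\[(?:[^\]\\]|\\.)*\])+)"  # "-" or one or more [elements]
RFC5424 = re.compile(r"<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ " + SD + r"(?: (.*))?$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164 = re.compile(
    r"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: ?(.*)$",
    re.S)

# Constructed sample datagrams (hostname, tag and text are placeholders).
SAMPLE_3164 = b"<134>Oct 11 22:14:15 appliance01.example.com example-svc: constructed alert text"
SAMPLE_5424 = (b"<29>1 2024-10-11T22:14:15.003Z appliance01.example.com "
               b"example-svc - - - constructed alert text")

def parse(datagram: bytes) -> dict:
    """Parse one UDP syslog payload in either format into its elements."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = RFC5424.match(text)
    fmt = "rfc5424"
    if m is None:  # no version field after PRI: try the classic format
        m, fmt = RFC3164.match(text), "rfc3164"
    if m is None:
        raise ValueError("not a recognizable syslog message")
    pri, timestamp, hostname, tag, message = m.groups()
    pri = int(pri)
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    return {"format": fmt,
            "facility": FACILITIES[pri >> 3],   # PRI = facility * 8 + severity
            "severity": SEVERITIES[pri & 7],
            "timestamp": timestamp, "hostname": hostname,
            "tag": tag, "message": message or ""}

if __name__ == "__main__":
    for sample in (SAMPLE_3164, SAMPLE_5424):
        print(parse(sample))
```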

Syslog Properties

  • Protocol Version (version) - The version of the Syslog protocol to use, either Classic Syslog (RFC 3164) or Updated Syslog (RFC 5424).

  • Destinations (dst) - The list of destination IPv4, IPv6, and FQDN addresses to which messages are relayed.

  • Audit Classes (audit_classes) - Controls which audit events are relayed to the remote target. By default, no option is specified. The options are as follows:

    • Administrative Audit (AdministrativeAudit) - Oracle ZFS Storage Appliance audit events.

    • Per File Audit (PerFileAudit) - Per-file audit for Oracle Solaris audit events.

    • Login/Logout Audit (LoginLogoutAudit) - Log in and log out Oracle Solaris audit events.

To configure syslog, see the following sections: