Connectrix Cisco: Syslog alerts were not logged in the configured Splunk server from DCNM 10.2(1)[1]

           

   Article Number:     531898                                   Article Version: 3     Article Type:    How To 
   

 


Product:

 

Connectrix MDS-Series Data Center Network Manager

 

Instructions:

 

 

Issue:    

      Syslog alerts were not logged in the configured Splunk server from DCNM v10.2(1) SAN.   
   
   
    Troubleshooting performed:   
      Tried to enable the below parameters in the DCNM logs > server.properties to check if the alerts are received on the syslog server (Splunk)   
   
     
        User-added image     
     
        User-added image     
            
        Even after performing the above, user was not receiving syslogs.  Then user configured MDS to send syslogs to DCNM and made some appropriate setting changes to see syslogs coming in.     
     
              
     
           
  •           On Switch:       
  •      
     
        # logging server <DCNM_IP> 6     
     
              
     
           
  •           DCNM server.properties:       
  •      
     
        #events.log.all > set to true     
     
              
     
        Restarted DCNM. Saw the Administration/Event Setup/Registration reflects device as Sending Sylogs.     
            
              
   
                                                                                                                             

 

 

Notes:

 

 

User Requirement:   
        

      The user requirement was to check if we could forward the syslog NATIVE content to Splunk syslog server.     
      In our attempts, we did select Splunk IP and port 514 and selected syslogs and all wildcard.     
      The Splunk server is not a trap receiver and only listens on 514.     
     
      In the end, there was a possibility to check if user could move the MDS logging server functions from splunk to DCNM and allow DCNM to be the syslog aggregator/forwarder.   
   
    Future Enhancement in DCNM:   
        
      Cisco Development Team confirmed that, DCNM currently only supports forwarding syslogs as SNMP traps or email.      
      DCNM does not support forwarding as native syslogs. Syslog content would be packaged as varbind/s in SNMP trap…or embedded in email.     
     
      Cisco BU mentioned Account folks could look into the above as a feature enhancement in the future release.      
      If the business/use case is deemed appropriate, Cisco BU could scope an effort based on feature priorities.