Enabling Syslog Notification
To view storage system logs on a Syslog server, enable the Syslog notification function.
Configuration Process
The Syslog notification supports the UDP, TCP and TCP+SSL/TLS protocols. When alarms are reported using UDP and TCP protocols, certificate verification is not required. When alarms are reported using the TCP+SSL/TLS protocol, the certificate verification mode is used to enhance the security of storage system logs. Figure 5-17 shows how to configure the Syslog notification.
Generating and Exporting a Certificate on the Storage System
Before using the Syslog notification function on the storage system, generate and export a Syslog certificate.
Context
- The certificate generated on the storage system is not signed and must be signed on the signature server.
- For versions earlier than V500R007C70 Kunpeng, if you use a third-party tool to export certificate request files, save the exported private key file as well. These files, together with the signed certificate and CA certificate, are exported to the storage system when the certificates are verified on the storage system. For V500R007C70 Kunpeng and later versions, you do not need to export the private key file.
Procedure
- Log in to DeviceManager.
- Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
- Generate and export a Syslog certificate.
- Set Certificate Type to Certificate of Syslog.
- Select Certificate Key Algorithm from RSA 2048, RSA 4096, and ECC 256. RSA 2048 is the default value and you can select a desired certificate key algorithm to meet actual service requirements.
- Click Generate and Export.
The Save As dialog box is displayed. Select a path to save the certificate and click Save.
Follow-up Procedure
After the Syslog certificate is exported, sign it.
Signing the Certificate and Exporting the CA Certificate
After exporting the Syslog certificate, you need to sign it to activate it and export the CA certificate.
Sign the exported Syslog certificate based on actual conditions. Export the CA certificate at the same time for subsequent operations.
Importing the Syslog Certificate and CA Certificate
Import the Syslog certificate and CA certificate into the storage system and activate them so that the Syslog certificate takes effect.
Prerequisites
- The signed certificate and CA certificate exist.
- For versions earlier than V500R007C70 Kunpeng, ensure that the private key file exists if the certificate file is exported and signed by a third-party tool.
Context
If the certificate file is exported and signed by a third-party tool, import the private key file when you import the activated certificate and CA certificate.
- For versions earlier than V500R007C70 Kunpeng, a storage system supports unidirectional and bidirectional authentication. During bidirectional authentication, the private key file must be imported.
- For V500R007C70 Kunpeng and later versions, a storage system does not support bidirectional authentication and you do not need to import the private key file.
Procedure
- Log in to DeviceManager.
- Choose Settings > Storage Settings > Value-added Service Settings > Credential Management.
- Import and activate the signed certificate.
- After the certificate has been signed by the server, click Import and Activate.
The Import Certificate dialog box is displayed.
- Set the certificate type to Certificate of Syslog and import the signed certificate and CA certificate. Table 5-17 describes related parameters.
Table 5-17 Certificate parameters
Parameter | Description | Value |
---|---|---|
Certificate Type | Certificate types. | [Example] Certificate of Syslog |
Certificate File | Certificate file that has been exported and signed. | [Example] None |
CA Certificate File | Certificate file of a server. | [Example] None |
Private Key File | Private key file of a device. | [Example] None |
- Click OK.
The Warning dialog box is displayed.
- Select I have read and understand the consequences associated with performing this operation, and click OK.
The Success dialog box is displayed.
- Click OK.
The certificate has been successfully imported and activated.
Configuring Syslog Server Certificate and CA Certificate
Configure a valid Syslog server certificate and CA certificate on the Syslog server to use the Syslog notification function.
You can generate the Syslog server certificate using a third-party tool (such as OpenSSL), sign the certificate using a third-party signature server, and export the corresponding CA certificate.
Ensure that the signature server used on the Syslog server is the same as that on the storage system.
Enabling the Syslog Notification Function
Enable Syslog notification for the Syslog server to receive self-defined alarms and events from devices with specified addresses.
Prerequisites
- You have logged in to DeviceManager as an administrator that has the operation permission of:
- Super administrator
- Administrator
- Before configuring a domain name for the server, ensure that the DNS server communicates properly with the storage system or third-party server.
- A storage system has been configured to send only the alarms and events generated after the Syslog server is configured, but not alarms or events generated before the configuration.
- Only one Syslog server is configured on a host (recommended). Otherwise, you may not receive Syslog notification due to port conflicts.
- Ensure that the UDP, TCP, and TCP+SSL/TLS protocols have been configured on the Syslog server. Security risks arise if the protocol is UDP or TCP. You are advised to select TCP+SSL/TLS.
- The protocol configured on the storage system must be consistent with that configured on the Syslog server.
Procedure
- Log in to DeviceManager.
- Choose Settings > Alarm Settings > Syslog Notification.
- Configure the alarm severity, the notification type, and the address for receiving Syslog messages.
- Select Enable.
- Configure parameters of the Syslog notification. Table 5-18 describes related parameters.
Table 5-18 Parameters for Syslog notification
Parameter | Description | Example |
---|---|---|
Port | Indicates the port ID of the Syslog notification. The default value is 514. NOTE: The port ID configured on the storage system must be the same as that configured on the Syslog server. The value of the port ID ranges from 1 to 65535. | 3 |
Protocol | Indicates channels through which Syslog notifications are sent. The value can be UDP, TCP, or TCP+SSL/TLS. NOTE: If you select UDP, ensure that the syslog server can respond to ping packets normally. Otherwise, Syslog notifications of the storage system cannot be sent to the receiving server. Ensure that the UDP, TCP, and TCP+SSL/TLS protocols have been configured on the Syslog server. Security risks arise if the protocol is UDP or TCP. You are advised to select the TCP+SSL/TLS protocol. The protocol configured on the storage system must be the same as that configured on the Syslog server. | TCP+SSL/TLS |
Severity | Indicates the lowest severity of a Syslog alarm that can be sent. The value can be Informational, Warning, Major, and Critical. | Warning |
Notification Type | Indicates the type of Syslog notification. The value can be Alarm, Alarm restoration, Event, eService collection logs, and Security log. NOTE: Security log is valid in V500R007C60SPC300 and later. | Event |
Send Device Name | Indicates whether the device name should be sent to the Syslog server. NOTE: After Send Device Name is enabled, the system sends device names to the Syslog notification server. You can choose Settings > Basic Information > Device Information to view device names. | If you want to send the device name, select the check box. Otherwise, deselect it. |
Receiver Server Address | Indicates the server IP address or domain name address for receiving Syslog notifications. The value range is listed below the table. | 192.168.1.100, fc00::1234, www.test.com |
[Value range] of Receiver Server Address
- An IPv4 address has the following requirements:
  - The 32-bit address is evenly divided into four fields. Each 8-bit field is expressed in dotted-decimal.
  - Each field of the IP address cannot be blank and must be an integer.
  - The value of the first field ranges from 1 to 223 (excluding 127).
  - The values of other fields range from 0 to 255.
  - The IP address cannot be a special address such as the broadcast address.
- An IPv6 address has the following requirements:
  - The 128-bit address is evenly divided into eight fields. Each 16-bit field is expressed as four hexadecimal digits. The fields are separated by colons.
  - In each 16-bit field, zeros before integers can be removed. However, at least one digit must be reserved in each field.
  - If the IP address contains a long string of zeros, you can represent the neighboring zeros with double colons (::) in the colon-separated hexadecimal field. Each IP address contains only one double-colon (::). The double-colon (::) can also be used to represent neighboring zeros of the IP address.
  - The IP address cannot be a special address such as a network address, loop address, or multicast address.
- The domain name has the following requirements:
  - A domain name is not case-sensitive and must be an English domain name.
  - An English domain name contains 1 to 255 characters.
  - An English domain name can only contain letters (a to z, A to Z), digits (0 to 9), dots (.), and hyphens (-). It cannot start or end with a hyphen (-).
- Add or remove receiver server addresses.
- Add receiver server addresses.
- Click Add.
The Add Receiver Server Address dialog box is displayed.
- Add receiver server addresses.
- Click OK.
- Remove receiver server addresses.
Select receiver server addresses that you want to remove and click Remove.
- (Optional) Click Test to test the connectivity between the storage system and Syslog server.
- Click Save.
The Success dialog box is displayed.
- Click OK.
Follow-up Procedure
After Syslog alarm notification is configured, alarms will be sent to a specified application server or maintenance terminal. The Syslog alarm format is shown as follows:
Info Receive Time | Facility | Severity | Info
2013/6/19 10:55:19 | Local7 | Error | alam:<186> 2015-06-19 10:47:10 xxx.xxx.xxx.xxx 240788 0xF00A000C Major(1) Hard disk (Controller Enclosure CTE0, slot 2, serial-number XXXXXX) is in single-link state.
2013/6/19 10:58:53 | Local7 | Error | alam:<188> 2015-06-19 10:57:50 2015-06-19 10:57:50 xxx.xxx.xxx.xxx 241093 0xF0C90001 Warning(2): The Licence feature (xxx) is going to expire on 2015-08-14.
Output description:
Parameter | Meaning | Description |
---|---|---|
Info Receive Time | Indicates the time when the Syslog server receives the alarm information. | - |
Facility | Indicates the information source. | The Facility field indicates the type of an IP address which can be IPv4 or IPv6. The value of this field is LOG_LOCAL7 or LOG_LOCAL6. |
Severity | Indicates the information severity level. | The Severity field indicates the severity of an alarm, which can be emergency, error, warning, or information. The value of this field is Emerg, Error, Warn, or Info. |
Info | Indicates the content. | The Info fields have a fixed pattern in content. The first field is the name of the process that sends the message. This field can be left blank when certain versions of Syslog protocols are used. Information in <> represents the prefix of the Syslog protocol, which is stipulated by the Syslog protocol and indicates the severity level and source. Info contains the alarm information. NOTE: If the alarm is cleared, the alarm clearing time will be displayed following the alarm occurrence time, for example, 2015-06-19 10:57:50. |
Info Receive Time, Facility, and Severity are defined by the Syslog server. The parsing result may vary according to tools.
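The following parser for the Info field is an added example, not code from the storage system or its vendor. It decodes the `<>` prefix into facility and severity as the Syslog protocol defines them, handles the optional alarm clearing time, and flags any facility other than LOG_LOCAL6 or LOG_LOCAL7. The field names `source`, `seq`, `alarm_id` and `level` are assumptions read off the two sample lines above, and the sample inputs are constructed.

```python
import re
from datetime import datetime

# Syslog severity names, indexed by PRI % 8 (RFC 3164 / RFC 5424).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]
# The page states the facility is LOG_LOCAL6 or LOG_LOCAL7 (codes 22 and 23).
EXPECTED_FACILITIES = {22: "local6", 23: "local7"}

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# Group names after the timestamps are assumptions, not vendor field names.
INFO_RE = re.compile(
    r"^(?P<process>[^:<]*):?<(?P<pri>\d{1,3})>\s*"
    r"(?P<occurred>" + TS + r")(?: (?P<cleared>" + TS + r"))?\s+"
    r"(?P<source>\S+)\s+(?P<seq>\d+)\s+(?P<alarm_id>0x[0-9A-Fa-f]+)\s+"
    r"(?P<level>[A-Za-z]+)\((?P<level_code>\d+)\):?\s*(?P<text>.*)$"
)
FMT = "%Y-%m-%d %H:%M:%S"


def parse_info(info):
    """Parse one Info field; return a dict, or None if it does not match."""
    m = INFO_RE.match(info.strip())
    if m is None or int(m["pri"]) > 191:  # 191 is the largest valid PRI
        return None
    rec = m.groupdict()
    rec["pri"] = int(rec["pri"])
    rec["facility"] = rec["pri"] // 8
    rec["facility_expected"] = rec["facility"] in EXPECTED_FACILITIES
    rec["syslog_severity"] = SEVERITY[rec["pri"] % 8]
    rec["occurred"] = datetime.strptime(rec["occurred"], FMT)
    rec["cleared"] = datetime.strptime(rec["cleared"], FMT) if rec["cleared"] else None
    return rec


# Constructed samples modelled on the page's lines; 192.0.2.10 is a documentation address.
SAMPLES = [
    "alam:<186> 2015-06-19 10:47:10 192.0.2.10 240788 0xF00A000C Major(1) "
    "Hard disk (Controller Enclosure CTE0, slot 2, serial-number XXXXXX) is in single-link state.",
    "alam:<188> 2015-06-19 10:57:50 2015-06-19 10:57:50 192.0.2.10 241093 0xF0C90001 "
    "Warning(2): The Licence feature (xxx) is going to expire on 2015-08-14.",
    "<14> 2015-06-19 11:00:00 192.0.2.10 241100 0xF00A000C Major(1) unexpected facility",
    "not a storage alarm",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_info(line))
```

The `syslog_severity` value comes from the `<>` prefix, while `level` is the alarm level text carried in the message body. Records with `facility_expected` set to False, or lines that return None, did not match the documented format and are worth reviewing when the receiver accepts UDP or plain TCP.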