If we are using the Dell PowerScale Add-on for REST API calls, are the following syslog steps needed? What is the purpose of syslog forwarding to a Splunk forwarder if the Add-on performs REST API calls to the Isilon cluster to pull this data?
To enable forwarding syslog data in any Isilon Cluster version, perform the following steps:
Make the following changes in the file /etc/mcp/override/syslog.conf (copy it from /etc/mcp/default/syslog.conf if not present):
Restart syslogd using this command - /etc/rc.d/syslogd restart.
In some cases, the syslog.conf file is already present in the /etc/mcp/override directory but is empty. In that case, just put the log file name and the forwarder IP in that file. Below is the content of a sample syslog.conf:
auth.* @<forwarders_ip_address>
!audit_config
*.* @<forwarders_ip_address>
!audit_protocol
*.* @<forwarders_ip_address>
!*
Run the following commands to enable protocol, config and syslog auditing according to Isilon OneFS version:
For a Dell Isilon cluster with OneFS version 9.x.x:
isi audit settings global modify --protocol-auditing-enabled Yes
isi audit settings global modify --config-auditing-enabled Yes
isi audit settings global modify --config-syslog-enabled Yes
isi audit settings modify --syslog-forwarding-enabled Yes
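A check for the override file described in the steps above, as an added example that is not part of the original post or of the add-on's documentation: it parses a syslog.conf and reports which of the three streams in the sample (auth, audit_config, audit_protocol) are not forwarded to the expected host, which also catches the empty-override case. The function names and the 192.0.2.10 forwarder address are assumptions, and only plain `!program` blocks and `@host` actions are handled.

```python
# Added example: verify that a syslog.conf forwards the streams from the sample.
# Streams are (program block, selector); "*" means no !program filter is active.
EXPECTED = [("*", "auth.*"), ("audit_config", "*.*"), ("audit_protocol", "*.*")]

# Constructed sample input: the page's sample with a documentation-range address.
SAMPLE = (
    "auth.*\t@192.0.2.10\n"
    "!audit_config\n"
    "*.*\t@192.0.2.10\n"
    "!audit_protocol\n"
    "*.*\t@192.0.2.10\n"
    "!*\n"
)


def forwarding_rules(conf_text):
    """Return (program, selector, host) for every rule whose action is @host."""
    program = "*"
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):
            # "!name" opens a program block; "!*" resets to all programs.
            program = line[1:].strip() or "*"
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # selector with no action forwards nothing
        selector, action = parts
        if action.startswith("@"):
            rules.append((program, selector, action[1:].strip()))
    return rules


def missing_streams(conf_text, forwarder):
    """List the expected streams that are not sent to `forwarder`."""
    have = {(p, s) for p, s, h in forwarding_rules(conf_text) if h == forwarder}
    return [stream for stream in EXPECTED if stream not in have]


if __name__ == "__main__":
    print("sample:", missing_streams(SAMPLE, "192.0.2.10"))
    print("empty override:", missing_streams("", "192.0.2.10"))
```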
If the add-on provides the same data as syslog then you don't need both of them.