Table of ContentsView in Frames

What Syslog messages are

You can monitor the status and operation of managed storage systems by using the Event Management System (EMS) output in Syslog.

Events are generated automatically when a predefined condition occurs or when an object crosses a threshold. When an event occurs, status alert messages might be generated as a result of the event.

EMS is a subsystem in the Data ONTAP kernel where event indications are posted, and from which notification services, such as Syslog, monitor for individual event types. EMS collects event data from various parts of the Data ONTAP kernel and provides a set of filtering and event forwarding mechanisms.

The syslog.conf configuration file

Message logging is done by a syslogd daemon. By default, all system messages (except those with debug-level severity) are sent to the console and logged in the /etc/messages file.

The /etc/syslog.conf configuration file on the storage system’s root volume is the configuration file for the syslogd daemon and it determines how system messages are logged.

Syslog messaging configuration options

You can configure which types of messages to log for a storage system, based upon your combinations of facility and severity level. The facility is the part of the system that is generating the message. For example, defining message type kern.err, invokes logging of all error level events from the kernel.

You can combine the following facilities with the available Syslog severity levels:
Facility Definition
kern Messages generated by the storage system kernel.
daemon System daemons, such as the rshd daemon or the routing daemon.
auth Authentication system messages, such as those logged for Telnet sessions.
cron The storage system's internal cron facility.
local7 The storage system's audit logging facility. All messages coming from the audit logging facility are logged at level debug.
* An asterisk acts as a wildcard and designates all facilities (except local7). For example, use *.err to see all messages with severity level err from all facilities (except local7).

Syslog message severity levels

The Syslog messages use a different scheme of severity levels than the System Manager monitoring. This is because the Syslog messages are based on EMS messages. The following table defines the possible Syslog message severity levels and shows how they relate to EMS severity levels.

Syslog severity EMS severity Description
* Not applicable An asterisk acts as a wildcard and designates all severity levels. For example, use kern.* to see all severity level messages generated by the kernel.
emerg EMERGENCY A panic condition that causes a disruption of normal service.
alert ALERT A condition that you should correct immediately, such as a failed disk.
crit CRITICAL A critical condition, such as a disk error.
err ERROR An error condition, such as a bad configuration file.
warning WARNING A condition that might become an error if not corrected.
notice NOTICE A condition that is not an error, but that might require special attention.
info INFORMATION Information, such as the hourly uptime message.
debug DEBUG Information used for diagnostic purposes.

Message logging locations

You can configure where a particular message type is logged. You can log messages in the following locations: