NetApp Syslog Message Changes

To anyone who can help,

After upgrading our NetApp to 9.12.1, we found that we were not seeing syslog from our clusters anymore. It appears they have modified their message structure.

“message”: “NetApp-ip-address Jan 3 18:04:39 Netapp-NAME kernel - csm.badConnection - ONTAP received a CSM connection with unrecognizable content”,

“message”: "NetApp-ip-address [Netapp-NAME: security.invalid.login:ALERT]: Failed to authenticate login attempt to Vserver: ",

Any assistance with getting the new message structure to report would be appreciated.

Thank you!

Hey @patrickr

Have you tried a different Input?

I have. The new message type appears using the Raw/Plaintext UDP input. Unfortunately this input doesn’t format the messages.
What’s frustrating is that the syslog input worked fine before the upgrade.

Hey @patrickr

I havent used NetApp but you could do a work around with a pipeline and/or extractor to get the fields needed from the RawplainText input, just an idea.

I appreciate the suggestion. I haven’t really had time to research pipelines or extractors. That will be my next step.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.