Setup and Deployment

Overview

This section explains how to forward syslog messages from DataCore SANsymphony to third-party platforms such as Elasticsearch and Splunk. It covers enabling syslog forwarding, selecting the RFC format, and using the DataCore-provided Logstash configuration files for streamlined setup and monitoring.

Prerequisites

  • Logstash (version 8.17.2 or later) must be installed and running on a designated server.
  • Ensure you have access to your Elasticsearch or Splunk environment to verify the forwarded logs.
  • Ensure that inbound UDP traffic on the configured port (default: 514) is allowed through the firewall on the Logstash server.
  • The IP address and UDP port of the Logstash server must be specified in the SANsymphony Syslog settings. See Enable Syslog Forwarding in DataCore SANsymphony.

Enable Syslog Forwarding in DataCore SANsymphony

This section helps you enable DataCore SANsymphony to forward syslog messages to a Logstash server for centralized logging and monitoring. You can define the target server, severity levels, and message sources, and select the desired RFC format to tailor the forwarded logs for use with platforms such as Elasticsearch and Splunk.

  1. In the DataCore Management Console, navigate to the Server Group > Settings tab.
  2. Expand the Syslog Settings section.
  3. Enter the following fields:
    1. Server Address: IP address of the Logstash server (example: 10.131.0.58).
    2. UDP Port: Port number on which Logstash will listen (default is 514).
    3. Level: Select one or more severity levels of syslog messages to forward (example: Info, Warning, Error). Only messages matching the selected levels will be sent. If no level is selected, all messages will be forwarded by default.
    4. Source Type: Select one or more specific source contexts to filter the syslog messages (example: General, DiskPools, Mirrors). If left unselected, messages from all sources will be forwarded by default.
    5. RFC Format: Choose the required RFC format, either RFC5424 (recommended) or RFC3164, based on your logging setup.
  4. Click Test Syslog to verify connectivity.
  5. Click Apply to save the configuration.

For more information on Syslog Server, refer to the DataCore SANsymphony Syslog Server documentation.

DataCore Predefined Logstash Configuration File

SANsymphony supports forwarding syslog messages in two formats: RFC5424 and RFC3164. Use the Logstash configuration file that corresponds to the format selected in the DataCore SANsymphony Syslog Settings. To select the RFC format, refer to Enable Syslog Forwarding in DataCore SANsymphony.

Downloading the Configuration Files

You can download the predefined Logstash configuration files from the DataCore Software GitHub repository. The repository contains both RFC5424 and RFC3164 format configuration files. Use the appropriate file based on your SANsymphony Syslog Settings.

Using the Configuration Files

Do one of the following:

  • Use the provided configuration (.conf) file as-is by placing it in the Logstash configuration directory.
  • Copy the contents of the provided configuration (.conf) file into an existing Logstash configuration file.

Available Configuration Files

  • RFC5424 Configuration file: Use this file if RFC5424 is selected in SANsymphony > Syslog Settings.
  • RFC3164 Configuration file: Use this file if RFC3164 is selected in SANsymphony > Syslog Settings.
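
Because the configuration file must match the RFC format selected in Syslog Settings, it helps to confirm which format actually arrives on the Logstash server. The following Python script is an added example, not part of the DataCore configuration files; the sample messages and the host name dcs-node1 are constructed, and the header patterns follow the RFC 5424 and RFC 3164 layouts only.

```python
import re
import socket
import sys

# Header shapes from the two RFCs; only the header is needed to tell them apart.
# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(r"<(?P<pri>\d{1,3})>[1-9]\d? \S+ (?P<host>\S+) \S+ \S+ \S+ ")
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME ... (day of month is space-padded)
RFC3164 = re.compile(r"<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) ")
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def classify(datagram: bytes) -> dict:
    """Return the detected format plus facility, severity and host of one datagram."""
    text = datagram.decode("utf-8", errors="replace")
    for name, pattern in (("RFC5424", RFC5424), ("RFC3164", RFC3164)):
        m = pattern.match(text)
        if m and int(m["pri"]) <= 191:  # PRI = facility * 8 + severity, max 23*8+7
            pri = int(m["pri"])
            return {"format": name, "facility": pri >> 3,
                    "severity": SEVERITIES[pri & 7], "host": m["host"]}
    return {"format": "unknown"}


def matches_expected(datagram: bytes, expected: str) -> bool:
    """True when the datagram is in the format the chosen .conf file expects."""
    return classify(datagram)["format"] == expected


# Constructed sample datagrams (not captured from SANsymphony).
SAMPLE_5424 = b"<134>1 2025-03-04T10:15:30Z dcs-node1 SANsymphony - - - Pool status changed"
SAMPLE_3164 = b"<131>Mar  4 10:15:30 dcs-node1 SANsymphony: Mirror path failed"

if __name__ == "__main__":
    # Usage: script.py [RFC5424|RFC3164] [port]; 514 is the default port named on this page.
    expected = sys.argv[1] if len(sys.argv) > 1 else "RFC5424"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    print(f"listening on udp/{port}, expecting {expected}")
    while True:
        data, (src, _) = sock.recvfrom(65535)
        info = classify(data)
        flag = "OK" if info["format"] == expected else "MISMATCH"
        print(flag, src, info)
```

Run it on the Logstash server while Logstash is stopped (or on a spare port that you also enter in Syslog Settings), then click Test Syslog. A MISMATCH line means the RFC Format setting and the configuration file you plan to use disagree; no output at all points to the firewall or the address and port settings.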
