HPE 3PAR StoreServ Storage

Re: SPLUNK as syslog 3PAR

 
RaviSE
Occasional Visitor

SPLUNK as syslog 3PAR

Hi,

Is there any way to send test traps from 3PAR after external syslog configuration?

6 REPLIES
Wassim_SV
Visitor

Re: SPLUNK as syslog 3PAR

Hello,

You can send a test trap to all SNMP managers displayed with the showsnmpmgr command. Procedure: Issue the checksnmp command. The CLI displays the IP addresses of the tested managers.

You first have to register the SNMP manager with the agent: use the setsnmpmgr command followed by the IP address of the SNMP manager.

You can find all the details on pages 247-252 of the HPE 3PAR Command Line Interface Administrator Guide:

https://support.hpe.com/hpsc/doc/public/display?docId=c04204251

 

I am an HPE Employee


Haitao_Zhang
Member

Re: SPLUNK as syslog 3PAR

Hello,

You can use the "checksnmp" command to send an SNMP test trap.

EXAMPLES
cli% checksnmp
Trap sent to the following managers:
192.168.17.10:162
192.168.17.111:1000

3PAR Support Specialist


Anovelli
New Member

Re: SPLUNK as syslog 3PAR

Syslog is used for audit purposes. In my case, after setting and enabling syslog via the setsys command, messages began to arrive in such great amounts that no test message was necessary. Do you intend to monitor events? Consider using SNMP traps.

randy_108
Advisor

Re: SPLUNK as syslog 3PAR

Do you know what port the 3PAR is sending the syslogs on?

I need to open the firewall for syslogging.

Also, are the syslogs coming from the SP or the 3PAR?

 

Thanks

Randy

 

Sheldon Smith
HPE Pro

Re: SPLUNK as syslog 3PAR

The syslog host is defined using the 3PAR StoreServ command line (setsys RemoteSyslogHost ...)

If the port is not configured, one of the following default ports will be used: 514 for UDP, 601 for TCP, 6514 for TLS.


Note: While I am an HPE Employee, all of my comments (whether noted or not) are my own and are not any official representation of the company.

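To check the firewall path to the collector on the default ports listed in the reply above, a test host can send one syslog message per transport. This is an added example, not part of the thread and not HPE code. It runs from an ordinary host rather than from the array, and the collector address, app name, facility/severity and framing choices are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

# Default ports quoted in the thread for when no port is configured.
DEFAULT_PORTS = {"udp": 514, "tcp": 601, "tls": 6514}

def build_message(hostname, text, facility=13, severity=5):
    """RFC 5424 line. Facility 13 (log audit) and severity 5 (notice) are assumed values."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    return f"<{pri}>1 {ts} {hostname} syslog-test - - - {text}".encode("utf-8")

def frame(payload, transport):
    """Framing assumed here: UDP = one datagram, TCP = LF-terminated,
    TLS = octet counting as in RFC 5425. The receiver must be set up to match."""
    if transport == "udp":
        return payload
    if transport == "tcp":
        return payload + b"\n"
    return str(len(payload)).encode("ascii") + b" " + payload

def send_test(collector, transport, port=None, text="syslog path test",
              cafile=None, timeout=5.0):
    """Send one test message and return the bytes put on the wire."""
    port = port or DEFAULT_PORTS[transport]
    wire = frame(build_message(socket.gethostname(), text), transport)
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(wire, (collector, port))
        return wire
    with socket.create_connection((collector, port), timeout=timeout) as raw:
        if transport == "tls":
            ctx = ssl.create_default_context(cafile=cafile)  # verifies cert and hostname
            with ctx.wrap_socket(raw, server_hostname=collector) as s:
                s.sendall(wire)
        else:
            raw.sendall(wire)
    return wire

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for the syslog/Splunk host.
    for transport in ("udp", "tcp"):
        try:
            send_test("192.0.2.10", transport)
            print(transport, "sent")
        except OSError as exc:
            print(transport, "failed:", exc)
```

A successful UDP send only shows the datagram left the host, so confirm arrival by searching the collector for the text "syslog path test". A TCP or TLS failure is reported immediately as a connection or certificate error.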

apol
Frequent Advisor

Re: SPLUNK as syslog 3PAR

If your SP is Version 5, you can set remote syslog there too ("Edit SP configuration"). The settings dialog will show the different ports it would use, depending on your flavour of UDP or TCP, TLS, etc.

We use Splunk too. My idea is to monitor remote connections from HPE, but so far I didn't find the right entries to monitor to catch all of them. There are some entries flagged "audit", but there are lots of them that aren't of interest at all.