OneView syslog

adamcole · ‎03-15-2019

Does OneView have the ability to forward its logs to a syslog server? There is a "Enable-HPOVRemoteSyslog" powershell command but the documentation is pretty vague on actual usage.

PeterWolfe · ‎03-18-2019

Yes, starting the new V4.20 release (which just started shipping within the last several weeks). The feature allows you to forward the OneView audit logs to a remote syslog server.

The powershell command is for a older feature that's has been in OneView from early on. That feature configures specific managed devices (e..g. iLO, OAs, some ICMs) to forward their syslogs to a remote syslog server.

Daniel-L · ‎03-19-2019

Hello Peter,

thanks for sharing this interesting news.

Any plans to implement forwarding of all events and activities and not audit logs only?

Having auditing events captured externaly is a good start from a compliance point of view but having OneView's deep integration into the HPE hardware environment as source for getting hardware events into syslog would be really great.

Regards,

Daniel

PeterWolfe · ‎03-19-2019

Most all HW events are forward today as SNMP traps (not via syslog). Those are the specific events from the managed devices. For the OneView alerts in general, there is the State Change Message Bus (and AMPQ-based message bus). You'd need a 'connector' to listen on the bus and place the data in syslog (or splunk or whatever). You could check in the OneView section of HPE's github to see if anyone has developed a canned integration for that. For example, https://github.com/HewlettPackard/oneview-redfish-toolkit look like it does some of what you are after.

Daniel-L · ‎03-20-2019

Hello Peter,

thanks for your sugestion - will have a look into this.

A native syslog implementation would still be highly apreciated.

Regards,

Daniel

Kamalji · ‎03-26-2019

You May check online help of Oneview

Title "Manage audit log forwarding"

You should have Privileges: Infrastructure administrator.

From the main menu, select Settings > Security.

Click the Edit icon in the Security panel or select Actions > Edit.

On the Edit Security screen, under Audit Log, enable Audit log forwarding

For more details refer OneView Online help

Thank You!
I am a HPE employee

__________________________________________
Was the post useful? Click on the white KUDOS! Thumb below to say Thank You!

adamcole · ‎05-28-2019

Am I wrong or are the audit logs not in proper syslog format? I can forward to our syslog server but because the hostname is not included with each log it does not know how to classify it. Any way to add the name of the oneview appliance to the audit log?

adamcole · ‎05-28-2019

Is there a place I need to enter the hostname in order for the audit log to pick it up properly?

PeterWolfe · ‎05-28-2019

Looks like the forwarded syslog entry is using the appliance's internal hostname (ci-<appliance MAC address>) and not the user-configured appliance hostname.

adamcole · ‎05-28-2019

Can this be modified in any way? I'm not seeing any name in my logs.

OneView syslog

OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Re: OneView syslog

Hewlett Packard Enterprise International