HPE SimpliVity

OVC Log to Splunk Server?

 
SOLVED
Occasional Advisor


Can OVC logs be forwarded to a Splunk server?

Dave
HPE Pro

Re: OVC Log to Splunk Server?

Hi DavS,

There is no formal doc right now, but sure you can.

I'll stay away from the straight Linux side of things with rsyslog, as I assume you are already familiar with that (I can find some links if you need them). A standard set of log collection examples is below, but is there some specific part of system operation you want to gather?

vi /etc/rsyslog.d/svt.conf

$ModLoad imfile

# Additional log files to feed to Splunk

# /var/svtfs/0/log/svtfs.log
$InputFileName /var/svtfs/0/log/svtfs.log
$InputFileTag svtfs
$InputFileStateFile svtfs
$InputRunFileMonitor

# /var/svtfs/0/log/hyperproxyserver.log
$InputFileName /var/svtfs/0/log/hyperproxyserver.log
$InputFileTag hyperproxy
$InputFileStateFile hyperproxy
$InputRunFileMonitor

# /var/svtfs/0/log/eventmgr.log
$InputFileName /var/svtfs/0/log/eventmgr.log
$InputFileTag event-manager
$InputFileStateFile event-manager
$InputRunFileMonitor

service rsyslog restart

Thanks,

Scott

I am an HPE employee
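
A fuller version of the drop-in from the reply above, as an added example that is not part of the original post or of HPE documentation: it keeps the three file inputs, gives them a facility and severity, and adds a TCP forwarding rule with a disk-backed queue, also sending the auth/authpriv facilities that carry logon events on a standard Linux system. The collector name splunk.example.com, port 514, the local6 facility and the spool directory are placeholder assumptions.

```conf
# /etc/rsyslog.d/svt.conf -- added example, legacy rsyslog directive syntax.
# Assumptions (not from the post): splunk.example.com, port 514, facility
# local6 and the /var/spool/rsyslog work directory are placeholders.
$ModLoad imfile

# Tail the three OVC log files named in the post; tags and state files as posted.
# Facility and severity are repeated for every input so each monitor is explicit.
$InputFileName /var/svtfs/0/log/svtfs.log
$InputFileTag svtfs
$InputFileStateFile svtfs
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor

$InputFileName /var/svtfs/0/log/hyperproxyserver.log
$InputFileTag hyperproxy
$InputFileStateFile hyperproxy
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor

$InputFileName /var/svtfs/0/log/eventmgr.log
$InputFileTag event-manager
$InputFileStateFile event-manager
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor

# Buffer to disk while the collector is unreachable so audit events are
# queued and retried instead of being dropped. These apply to the next action.
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwd_splunk
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1

# @@ means TCP (a single @ would be UDP). One action forwards the tailed
# files (local6) together with authentication events (auth, authpriv).
local6.*;auth,authpriv.* @@splunk.example.com:514
```

Check the syntax with `rsyslogd -N1` before running `service rsyslog restart`.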
Occasional Advisor

Re: OVC Log to Splunk Server?

Scott,

Here are some of our requirements...

| Audit Event | Frequency |
|---|---|
| Authentication Events: (1) Logons (Successful/Failure) (2) Logoffs (Success) | Continuous |
| User and Group Management events: (1) User add, delete, modify, suspend, lock (Success/Failure) (2) Group/Role add, delete, modify (Success/Failure) | Continuous |
| Use of Privileged/Special Rights events: (1) Security or audit policy changes (Success/Failure) (2) Configuration changes (Success/Failure) | Continuous |
| Admin or root-level access (Success/Failure) | Continuous |
| Privilege/Role escalation (Success/Failure) | Continuous |
| Audit and log data accesses (Success/Failure) | Continuous |
| System reboot, restart and shutdown (Success/Failure) | Continuous |


Thank you.

Dave
Occasional Advisor
Solution

Re: OVC Log to Splunk Server?

Some of this should be in the "standard" /var/log log files...

Dave
HPE Pro

Re: OVC Log to Splunk Server?

Hi DavS,

OK perfect. It sounds like in this case it is beyond SimpliVity specific system operation (the info I provided) and it has moved towards general Linux auditing. In this case you are free to gather any and all logs direct from the Linux side of things, and all the usual logging that you collect from other Linux boxes. At this level it is in every way a standard linux distro.

Going into this in great detail may be outside of a forum chat and may be better placed in a Support ticket. If you have any issues with your 'standard' compliance requirements, I'd suggest opening a case so that we address specific issues.

Thanks,

Scott

I am an HPE employee
Occasional Advisor

Re: OVC Log to Splunk Server?

Scott,

Thanks for the information. I should have asked the question a different way. I should have asked if the Ubuntu implementation in the OVC supports standard auditing and credentialed scans.

Your response, "At this level it is in every way a standard linux distro", answered the question.

Dave

HPE Pro

Re: OVC Log to Splunk Server?

Not a bother Dave!

I am an HPE employee