系统日志服务器/Splunk服务器未收到审核日志
适用场景
- ONTAP 9.12.1及更高版本
- 系统日志服务器
- Splunk服务器
问题描述
- 配置审核日志转发后、系统日志服务器不会接收审核日志。
- 日志转发服务将应用于集群间Rifs策略:
::>network interface show -services management-log-forwarding -fields service-policy,services
vserver lif service-policy services
-------- ----------------- ------------------ ---------------------------------------
cluster1 intercluster_1 default-intercluster
intercluster-core,management-https,backup-ndmp-control,management-log-forwarding
cluster1 intercluster_2 default-intercluster
intercluster-core,management-https,backup-ndmp-control,management-log-forwarding
5 entries were displayed.