Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-2198837.1
Update Date:2018-01-05
Keywords:
Solution Type  Technical Instruction Sure

Solution  2198837.1 :   Oracle ZFS Storage Appliance: Configuring external logging of ZFS appliance events including the audit log  

Related Items 
    

  • Sun ZFS Storage 7420
    •  
  • Oracle ZFS Storage ZS5-2
    •  
  • Oracle ZFS Storage ZS3-2
    •  
  • Oracle ZFS Storage ZS4-4
    •  
  • Oracle ZFS Storage ZS5-4
    •  
  • Oracle ZFS Storage ZS3-4
    •  
  • Sun ZFS Storage 7120
    •  
  • Oracle ZFS Storage Appliance Racked System ZS4-4
    •  
  • Sun ZFS Storage 7320
    •  
  • Oracle ZFS Storage ZS3-BA
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: ZS
    •  






In this Document


Goal


Solution


References

Created from <SR 3-13371994441>


Applies to:  

Oracle ZFS Storage ZS4-4 - Version All Versions and later
Oracle ZFS Storage Appliance Racked System ZS4-4 - Version All Versions and later
Oracle ZFS Storage ZS5-4 - Version All Versions and later
Oracle ZFS Storage ZS5-2 - Version All Versions and later
Oracle ZFS Storage ZS3-4 - Version All Versions and later
7000 Appliance OS (Fishworks)



Goal


There are increasing compliance requirements to save the Oracle ZFS Storage Appliance system logs, including auditing of login/logout and user activity, to a location external to the ZFSSA.


 


Solution


To forward events from the appliance syslog-capable services to a remote system, configure and enable the Syslog Relay service under:

     Configuration > Services > System Settings: Syslog

See details in the ZFSSA online help by clicking on Help: Syslog


 


This does not include the audit log.  Automatic forwarding of the audit log to an external host is not available on the ZFSSA at this time.

However, the complete audit history can be displayed in a web browser via the following URL:


      https://<ZFSSA IP or name>:215/api/log/v1/logs/audit


You will be prompted for a user name and password. The user must have valid login credentials on the ZFSSA but needs no specific administrative rights.


Note: The output is always the complete audit history. There is no way to obtain incremental output.


 


The content from this page can be retrieved using curl, and periodic retrieval can be scripted/automated from an external system.



Sample curl command:


      curl -u <user>:<password> -o https://<ZFSSA IP or name>:215/api/log/v1/logs/audit


 


You can also script the audit log retrieval using the REST API.


Refer to the Oracle® ZFS Storage Appliance RESTful API Guide at http://docs.oracle.com/cd/E76475_01/html/E76486/goqri.html#scrolltoc .


 


 Please add SRs from customers requesting this functionality to the long-standing RFE bug 15669473: Add audit log to syslog forwarding.


 


References
 <BUG:15669473> - SUNBT6985321 ADD AUDIT LOG TO SYSLOG FORWARDING



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback