“No Syslog box in the dropdown options”.configuring VNX block only array to send logs to syslog server

Article Number: 483920 Article Version: 3 Article Type: Break Fix



Unisphere for VNX

Customer could not get past step 2c in the attached document.

It was determined that they did not have a host agent installed on the appliance or workstation that they wanted to use as the syslog server. (It was also confirmed that they could not install a Host agent on the server due to security considerations.)

Install the appropriate host agent on the syslog server.

You can find the host agent with the following search:

Here’s a link with additional instructions:

https://support.emc.com/search/

Type in Unisphere Host Agent in the (Scope by Product) search box, leave ‘All support’ default in the ‘Scope by resource’ box and most importantly, click on the ‘Advanced Options’ tab over on the lower right. (otherwise a completely different and larger list will populate in findings as it doesn’t do a ‘full text’ search.)

search page screenshot

This search can be modified to find either Windows specific or Unix and other OS versions of the host agents as well. Here are some of the common ones:

ie;

Unisphere Host Agent for Windows 32 and 64-bit

Unisphere Host Agent (Linux x64)

Unisphere Host Agent for Linux x86

Unisphere Host Agent (Solaris x64)

Unisphere Host Agent (Solaris SPARC)

Unisphere Host Agent for AIX

Unisphere Host Agent for HP-UX

*Note: Purposely I left out the version number in all of these, and tested search functionality and they all pull up the latest and older versions of each type.

On a block only array, a host agent must be installed on the syslog server.


>> Here’s a questionnaire that you can provide to customer to determine their set up status:

1. Do you have a Host agent installed on the system (workstation) that you are going to be using as the Centralized Monitor station?

2. What is the Host agent type and version?

3. What is the OS and version on the Portal system or workstation (or VNX array) that you have designated?

4. Have you added the Portal IP address(es) to the Host Agent config file?

5. Could you verify that the other systems or workstations that you expect to see in the Available systems dropdown are not already functioning as portals? Can you also verify that they are running Unisphere for Windows?

6. *If* you are using VNX as the portal, do you have more than 20 hosts attached to the array? Note: the attached document states -> IMPORTANT: Do not use as a portal a VNX system that has more than 20 attached hosts.

.

Related:

  • No Related Posts

Re: VNX Traps(alert) Properties

The MIB for VNX Block is already installed on both storage processors.

To enable it/set up SNMP responses, be sure the Single Notification for Multiple Events check box is not selected in the Action for events field on the General response tab.

In the systems drop-down list on the menu bar, select a storage system.

2. Select System > Monitoring and Alerts > Notifications for Block > Notification Templates.

3. Right-click the template for which you want to set up SNMP responses and select Properties.

4. Click SNMP.

5. In SNMP Management Host, type the IP address of the third-party enterprise-management application that you want to receive SNMP traps.

6. Click Test to test this response.

7. Click OK to close the Template dialog box

The VNX MIB, by default, does not contain every trap. This is because EMC allows you to customize the notification method for each event that occurs.

https://support.emc.com/kb/463389 Where can I find the Management Information Base (MIB) file for my CLARiiON or VNX storage system?

https://support.emc.com/media48612_How_to_use_SNMP_on_VNX.mp4?language=en_US

https://support.emc.com/docu41454_Configuring_Events_and_Notifications_on_VNX_for_File.pdf?language=en_US

https://support.emc.com/docu41522_Using-SNMPv3-on-VNX.pdf?language=en_US

glen

Related:

  • No Related Posts

Monitor Solution – What suite?

I need a solution

Hi All,

Can anyone confirm what suite the montioring solution is part of? We currently have asset management and the Client management. I dont think I can use monitoring solution with just these two.

If thats the case, is it possible to safely add it to my environment as a trial to see how it works? Remove afterwards if we dont need it? Looking at replacing nimsoft with it if displays similiar information.

Thanks!

0

1527501547

Related:

  • No Related Posts

Re: SNMP Trap when failure recovered

Hello guys,

I’m testing SNMP function of Scaleio Gateway software(v2.0.0.2) with 3node cluster.

According to User Guide document(p.530), Scaleio gateway sends a SNMP trap when system failure has been fixed.

>Open and closing alerts will consist of the same code and issue number, with the

>exception of the first digit (0 or 1) in the <ISSUE> section. For example:

> SIOXX.XX.0XXXXXX indicates that the alert is active

> SIOXX.XX.1XXXXXX indicates that the alert has been closed

I’ve rebooted Secondary MDM to test the function above.

I had expected the trap contains “SIO02.01.1000001″ would be send by gateway after cluster recovered, but it wasn’t.

Is it normal behavior? If so, do I have to any setting or configuring to activate the function to send trap after failure recovered?

#please see packet capture log below:

————————————

tcpdump -i eth0 -T snmp -s 0 “(dst port 162) or (src port 161) or (dst port161)”

[Before reboot MDM2]

10:41:23.734093 IP [SIO-GATEWAY].38650 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222765000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

[After MDM2 shutdown]

10:41:53.734020 IP [SIO-GATEWAY].36025 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222768000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:41:53.734251 IP [SIO-GATEWAY].36025 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222768000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=5 E:1139.101.1.2=”MDM.MDM_Cluster.MDM_Not_Clustered” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO02.01.0000001″

[During MDM2 rebooting]

10:45:23.733943 IP [SIO-GATEWAY].59254 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222789000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:45:23.734308 IP [SIO-GATEWAY].59254 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222789000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=5 E:1139.101.1.2=”MDM.MDM_Cluster.MDM_Not_Clustered” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO02.01.0000001″

[After MDM2 rebooted]

10:45:53.734101 IP [SIO-GATEWAY].57034 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222792000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

10:46:23.734032 IP [SIO-GATEWAY].52960 > [SNMP-RCV].snmptrap: V2Trap(188) system.sysUpTime.0=222795000 S:1.1.4.1.0=E:1139.101.1 E:1139.101.1.1=3 E:1139.101.1.2=”System.License.Trial_License_Used” E:1139.101.1.3=”[MDM1-id]” E:1139.101.1.4=”SIO01.02.0000003″

————————————

*: “…” means repeating.

Regards,

Ichiro

Related:

  • No Related Posts

Netscaler VPX 1000 – Azure – Slowness getting through Netscaler.


With 12.0 builds, we have changed default yield behavior for PE vCPUs. vCPU will not yield to hypervisor, even though if there is less/moderate traffic in 12.0 build, which was not the case for 11.1 builds. That’s the reason, VPX vCPU is always 100% on hypervisor. However, vCPU is allocated to management core might not be 100%.

NetScaler yields PE vCPUs to hypervisor in sparse/moderate traffic cases. Since we have observed Tx overflow/congestion, it’s somewhat related to scheduling, we thought not yielding vCPU helps in improving the situation.

– set ns vpxparam -cpuyield NO

Upgrade to 12.0.53.X+

Related:

  • No Related Posts

How to Use the Authentication Feature of a NetScaler Appliance with a Load Balancing or Content Switching VServer on the Appliance

This article describes how to use the authentication feature of a NetScaler appliance with a Load Balancing or Content Switching virtual server on the appliance.

Requirements

To complete this task, the NetScaler appliance must have license for the Load Balancing, Content Switching, and Authentication, Authorization, and Auditing (AAA – Application Traffic) features.

Related:

  • No Related Posts

Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway leading to arbitrary code execution and host compromise

This vulnerability has been addressed in the following versions of Citrix NetScaler ADC and NetScaler Gateway:

• Citrix NetScaler ADC and NetScaler Gateway version 12.0 Build 57.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.1 Build 58.13 and later

• Citrix NetScaler ADC and NetScaler Gateway version 11.0 Build 71.24 and later

• Citrix NetScaler ADC and NetScaler Gateway version 10.5 Build 68.7 and later

Citrix NetScaler ADC and NetScaler Gateway version 10.1 are not planned to be updated as part of remediating this issue. Customers on version 10.1 should plan to move to a later version to receive the latest security updates.

These new versions can be downloaded from the following locations:

https://www.citrix.com/downloads/netscaler-adc.html

https://www.citrix.com/downloads/netscaler-gateway.html

Citrix strongly recommends that customers using affected versions of NetScaler ADC and NetScaler Gateway to upgrade to a version of the appliance firmware that contains the fixes for this issue as soon as possible.

Related:

  • No Related Posts

How to Handle Certificate Expiry on NetScaler

An “Expiry Monitor” configured on the NetScaler appliance creates entries in the appliance’s syslog and nsaudit logs at midnight when a certificate configured on the appliance is due to expire. And the expiry event only log Once.

There are two ways to monitor certificate expiry.

1. Using “Notify When Expires” option in NetScaler

Step1: Traffic Management -> SSL -> Certificates ->Select the certificate and click Update

User-added image

Step2: Select Notify When Expires, and specify a notification period (number of days) and click ok.

User-added image

Selecting “Notify when Expires” option enables the “Expiry Monitor” which is associated with SSL- Cert-Expiry SNMP trap. Enabling this option on the NetScaler appliance creates entries in the appliance’s syslog and nsaudit logs when a certificate configured on the appliance is due to expire. By default the location of these logs is /var/log/ns.log.

Example:

root@ns# grep sslCertificateExpiry /var/log/ns.log

Jan 17 00:00:41 <local0.info> 192.168.180.139 01/16/2018:16:00:41 GMT ns 0-PPE-0 : default SNMP TRAP_SENT 259058 0 : sslCertificateExpiry (sslCertKeyName.kgs = “kgs”, sslDaysToExpire.kgs = 100, nsPartitionName = default)


To enable an expiry monitor for a certificate by using the command line interface At the command prompt, type

  • set ssl certKey <certkeyName> [-expiryMonitor ENABLED] [- notificationPeriod <positive_integer>]
  • sh ssl certKey

Example:

User-added image

Tips, if you just would like to test sslCertificateExpiry function by changing date, please remember to reboot device by “>reboot – warm”, afterwards don’t reboot anymore and waiting for snmp trap sent at next expiry day 00:00 .

2. Using Command Center:

Command Center’s Certificate Management enables central visibility and management of SSL certificates deployed on NetScaler devices. It lists all certificates with expiry dates. This is where expired certificates can be renewed centrally. We can also generate signing requests centrally and configure custom alerts based on expiry periods

To monitor certificate expiry using Command Center.

  1. Set the severity level for certificate based on the number of days to expire.

Create a trigger with category “SSLCertificates” and an action to send the notification email.

​​Step1: Login to Command Center-> Go to configuration -> Certificate management ->Certificates -> go to actions and select severity levels

User-added image

You can set severity levels based on expiration values of certificates configured on managed devices. Command Center generates events when an assigned severity level is met. The default severity levels are as follows:

Step2: Define severity levels by specifying number of days and click create.

User-added image

  • Critical: Certificate has expired.
  • Major: Certificate will expire within 7 days.
  • Minor: Certificate will expire within 30 day.
  • Warning: Certificate will expire within 90 days.

Step3: Enable snmp trap logging by using the command line interface

>set snmp option -snmpTrapLogging ENABLED

Step4: Go to SNMP-> Alarms -> Triggers -> add to create a trigger.

User-added image

Step5: Create trigger by filling the form.

Name: <name of the trigger/Filter> Status: <Enable>

Severity : <by default for every severity change alert is sent, select severity if only specific severity alerts need to be sent>

Devices: <select the device>

Categories: select “SSLCertificates”(this is an SNMP trap) from the drop down and click the right arrow to select this category and click ok.

User-added image

Step6: Click “Add Action” to create an action for the trigger.

User-added image

Step7: Select Action Type as “Send e-mail Action” and configure the email parameters and click ok to finish the notification email setting.

User-added image

Step8: click “ok” to complete the setting of Alarm/Filter.

User-added image

Below is the sample email sent by command center when the severity of the certificate changes and the configured email action in the trigger/filter is executed.

From: <From email-id>

Sent: 25 February 2016 05:50 To: <To email-id>

Subject: certificate expiry

TIME:Wed Feb 24 16:20:29 PST 2016

Node : <IP>

Failure Object : test_cert_1

Severity : Minor

Category : SSLCertificates

System Up Time : –NA–

Info : Certificate expires within 340 days

There will also be an alarm raised for certificate expiry in the alarms list.

User-added image

Based on these notifications admin can plan to update the certificate.

User-added image

Related:

  • No Related Posts

syslog query

I need a solution

Hi,

Is there any impact on SMNP if we enable on proxy , if there in no ACK packet from Solar Wind.

SInce proxy will send continuosly SNMP request will there be any disk issue or memory ?

Also the same scenario for SYslog ?

0

1526356534

Related:

  • No Related Posts