Background requirements:

for storage device operation and maintenance, normally, stored syslog logs must be saved. It is necessary to dump and leave marks on device logs. It is better to dump them to other third-party platforms instead of their own controllers or SVP, in the SP for compliance and retention, the current requirement is to dump the OceanStor syslog of chrysanthemum factory to logstash in real time, and then to the ES Log server.

According to the manufacturer 400 and your own blind point, there is a configuration interface, as follows:

according to the requirements, you need to enable UDP access from the IP address to the es address, such as 5044.

OK, activate network policy access, and configure the storage test.

Symptom: the ES Log server cannot receive logs anyway.

Consult 400 and experts again and say that there is nothing wrong with the configuration. That's it. There is no further explanation. It is not good if the test is not successful. Keep looking for it. Is there any test means and methods? After several twists and turns, finally, the counterpart expert was found and the following experiments were conducted:

1. First ping from the storage minisystem to see if it works. The CLI is as follows:

>change user_mode current_mode user_mode=developer

>minisystem

> ping the IP address of the Log server

found no problem, the problem may be found, according to expert suggestions and statements, before storing to ES syslog, ping

it is not only necessary to configure syslog of the GUI and activate UDP port access, but also to release the ping action.

2. Follow the network activation process. After ping is released, the test is successful and the ES Log server can receive the information.

-- Stop work--