Syslog

Syslog is a protocol used to convey event notification messages. You can configure an Isilon cluster to log audit events and forward them to syslog by using the syslog forwarder.

By default, all protocol events that occur on a particular node are forwarded to the /var/log/audit_protocol.log file, regardless of the access zone the event originated from. All config audit events are logged to /var/log/audit_config.log by default.

Syslog is configured with an identity that depends on the type of audit event being sent to it. Audit messages use the daemon facility and a priority level of info. Protocol audit events are logged to syslog with the identity audit_protocol. Config audit events are logged to syslog with the identity audit_config.
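A receiver-side check for the identity, facility and priority described above, added here as an example and not Isilon's own code. It assumes forwarded messages arrive in the BSD syslog (RFC 3164) line format; the function names are hypothetical, and the host names and message bodies in SAMPLE are constructed.

```python
import re

# Standard syslog numeric codes: PRI = facility * 8 + severity.
FACILITY_DAEMON = 3
SEVERITY_INFO = 6
# Identities named in the text above, mapped to the audit event type.
AUDIT_IDENTITIES = {"audit_protocol": "protocol", "audit_config": "config"}

# Assumed wire layout (RFC 3164): <PRI>TIMESTAMP HOST TAG[pid]: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: ?"
    r"(?P<msg>.*)$"
)

def classify(line):
    """Parse one forwarded line; return None if it is not RFC 3164 shaped."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    facility, severity = divmod(int(m["pri"]), 8)
    return {
        "host": m["host"],
        "kind": AUDIT_IDENTITIES.get(m["tag"]),  # None for non-audit tags
        "expected_pri": (facility, severity) == (FACILITY_DAEMON, SEVERITY_INFO),
        "msg": m["msg"],
    }

def triage(lines):
    """Bucket audit lines by type; odd facility/priority goes to review."""
    out = {"protocol": [], "config": [], "review": []}
    for line in lines:
        rec = classify(line)
        if rec is None or rec["kind"] is None:
            continue  # unparseable or not an audit identity
        bucket = rec["kind"] if rec["expected_pri"] else "review"
        out[bucket].append(rec)
    return out

# Constructed sample input; <30> is daemon.info, <38> is auth.info.
SAMPLE = [
    "<30>Jan 12 10:15:02 node-1 audit_protocol[2211]: constructed protocol body",
    "<30>Jan 12 10:15:09 node-2 audit_config: constructed config body",
    "<38>Jan 12 10:15:11 node-9 audit_config: constructed body, wrong facility",
    "<30>Jan 12 10:15:12 node-1 sshd[900]: constructed unrelated message",
]
```

A line that carries an audit identity but not daemon.info does not match what the cluster is documented to send, so it is set aside for review instead of being filed with the audit events.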

To configure auditing on an Isilon cluster, you must either be a root user or be assigned to an administrative role that includes auditing privileges (ISI_PRIV_AUDIT).