Monitoring FSx for ONTAP EMS events
You can monitor FSx for ONTAP file system events using NetAPP ONTAP's native Events Management System (EMS). You can view these events using the NetApp ONTAP CLI.
Overview of EMS events
EMS events are automatically generated notifications that alert you when a predefined condition occurs in your FSx for ONTAP file system. These notifications keep you informed so that you can prevent or correct issues that can lead to larger problems, such as storage virtual machine (SVM) authentication issues or full volumes.
By default, events are logged in the Event Management System log. Using EMS, you can monitor events such as user password changes, a constituent within a FlexGroup approaching full capacity, a Logical Unit Number (LUN) was manually brought online or offline, or a volume automatically resizing.
For more information about ONTAP EMS events, see ONTAP EMS Reference
Note
Only some ONTAP EMS messages are available for FSx for ONTAP file systems.
To view a list of the available ONTAP EMS messages, use the NetApp ONTAP CLI
event catalog show
EMS event descriptions contain event names, severity, possible causes, log messages, and
corrective actions that can help you decide how to respond. For example, a wafl.vol.autoSize.fail
Viewing EMS events
Use the NetApp ONTAP CLI
event log showfsxadmin
role on your file system. The command syntax is as follows:
event log show [
event_options
]
The most recent events are listed first. By default, this command displays
EMERGENCY
, ALERT
, and ERROR
severity-level events
with the following information:
Time – The time of the event.
Node – The node on which the event occurred.
Severity – The severity level of the event. To display
NOTICE
,INFORMATIONAL
, orDEBUG
severity-level events, use the-severity
option.Event – The event name and message.
To display detailed information about events, use one or more of the event options listed in the following table.
Event option | Description |
---|---|
|
Displays additional event information. |
|
Displays detailed event information in reverse chronological order. |
|
Displays detailed information about all fields. |
|
Displays a list of events for the node that you specify. Use this option
with |
|
Selects the events that match this number in the sequence. Use with |
|
Selects the events that happened at this specific time. Use the format:
MM/DD/YYYY HH:MM:SS [+- HH:MM]. You can specify a time range by using the
Comparative time values are relative to the current time when you run the command. The following example shows how to display only events that occurred within the last minute:
The month and date fields of this option are not zero-padded. These fields can
be single digits; for example, |
|
Selects the events that match the
To display all events, specify severity as follows:
|
|
Selects the events that match the
To display all events, specify severity as follows:
|
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Selects the events that match the |
|
Indicates that the command output also includes the specified field or fields. You can use
|
To view EMS events
-
To SSH into the NetApp ONTAP CLI of your file system, follow the steps documented in the Using the NetApp ONTAP CLI section of the Amazon FSx for NetApp ONTAP User Guide.
ssh fsxadmin@
file-system-management-endpoint-ip-address
-
Use the
event log show
command to display the contents of the event log.::>
event log show
Time Node Severity Event ------------------- ------------- ------------- ------------------------ 6/30/2023 13:54:19 node1 NOTICE vifmgr.portup: A link up event was received on node node1, port e0a. 6/30/2023 13:54:19 node1 NOTICE vifmgr.portup: A link up event was received on node node1, port e0d.
For information about the EMS events returned by the event log show
command, refer to the
ONTAP EMS Reference
EMS event forwarding to a Syslog server
You can configure EMS events to forward notifications to a Syslog server. EMS event forwarding is used for real-time monitoring of your file system to determine and isolate root causes for a wide range of issues. If your environment doesn't already contain a Syslog server for event notifications, you must first create one. DNS must be configured on the file system to resolve the Syslog server name.
Note
Your Syslog destination must be located in the primary subnet that is used by your file system.
To configure EMS events to forward notifications to a Syslog server
-
To SSH into the NetApp ONTAP CLI of your file system, follow the steps documented in the Using the NetApp ONTAP CLI section of the Amazon FSx for NetApp ONTAP User Guide.
ssh fsxadmin@
file-system-management-endpoint-ip-address
-
Use the event notification destination create
command to create an event notification destination of type syslog
, specifying the following attributes:-
– The name of the notification destination that is to be created (for example,dest_name
syslog-ems
). An event notification destination name must be 2 to 64 characters long. Valid characters are the following ASCII characters: A-Z, a-z, 0-9, "_", and "-". The name must start and end with: A-Z, a-z, or 0-9. -
– The Syslog server host name or IP address that Syslog messages are sent to.syslog_name
-
– The protocol used to send the events:transport_protocol
udp-unencrypted
– User Datagram Protocol with no security. This is the default protocol.tcp-unencrypted
– Transmission Control Protocol with no security.tcp-encrypted
– Transmission Control Protocol with Transport Layer Security (TLS). When this option is specified, FSx for ONTAP verifies the identity of the destination host by validating its certificate.
-
– The Syslog server port that Syslog messages are sent to. The default valueport_number
syslog-port
parameter depends on the setting for thesyslog-transport
parameter. Ifsyslog-transport
is set totcp-encrypted
, thesyslog-port
default value is6514
. Ifsyslog-transport
is set totcp-unencrypted
,syslog-port
has the default value601
. Otherwise, the default port is set to514
.
::>
event notification destination create -name
dest_name
-syslogsyslog_name
-syslog-transporttransport_protocol
-syslog-portport_number
-
-
Use the event notification create
command to create a new notification of a set of events defined by an event filter to the notification destination created in the previous step, specifying the following attributes: -
– The name of the event filter. Events that are included in the event filter are forwarded to the destinations specified in thenode_name
-destinations
parameter. -
– The name of the existing notification destination that the event notifications are sent to.dest_name
::>
event notification create -filter-name
filter_name
-destinationsdest_name
-
-
If you selected TCP as the
, you can use thetransport_protocol
event notification destination check
command to generate a test message and verify your setup works. Specify the following attributes with the command:-
– The name of the node (for example,node_name
FsxId07353f551e6b557b4-01
). -
– The name of the existing notification destination that the event notifications are sent to.dest_name
::>
set diag
::*>
event notification destination check -node
node_name
-destination-namedest_name
-