This article describes how to use RSyslog Windows Agent to monitor NetApp devices using the Eventlog API. In this guide we describe how to setup the service. For creating the actions, please refer to the our other guides.
There are basically two methods to monitor logs of NetApp devices. The first, described here, is to monitor the device via the Eventlog API. The second method is to monitor the device via the .evt files the device generates. Instructions can be found here.
The NetApp device basically offers to access the log storage via the Eventlog API. That makes it very easy to use our products to monitor NetApp devices.
Basically, we need to create the Event Log Monitor service in RSyslog Windows Agent. Simply right-click on services and from the popup list, choose “Add Service” and the “Event Log Monitor”.
In the next step, enable “remote EventLog monitoring”. Insert the hostname or IP of the NetApp device into the field. Verify the connection with the “Verify” button. You might need to run the MonitorWare Agent service with a account, that has both local administrative rights as well as rights to read the Eventlog of the NetApp device.
Now disable all the currently available logs except for Application, Security and System. Double click on the one that is still checked. A new window opens.
In this new windows, enable the option “Use Checksum to verify the last processed event”. The parameters belonging to this option are now available. Also enable “Always search for the last processed Event using the Checksum”. If these options are not enabled, polling the log messages will not work properly, because the NetApp logging system does not use a record number to identify single log messages. Repeat this step for the remaining two log types.
So thats it basically. You can now choose to forward the log messages via syslog to a central log host, write them into a database or use one of the many other options that are available in RSyslog Windows Agent.