System log messages sent to syslog servers

For each system log message about an event, HCP sends this information to the specified syslog servers:

  • A unique identifier for the system log entry.
  • A message segment number, if applicable. Messages that exceed 1,024 characters are split into two or more messages, all of which have the same log entry identifier. These message segments are numbered sequentially, starting with 0 (zero) for the first segment.

    HCP sends at most 100 segments for a log message, for a total of 102,400 characters. Any text beyond that is not sent.

  • The message ID.
  • The date and time the event occurred.
  • The severity of the event.
  • The front-end network IP addresses and node number assigned to the node on which the event occurred.
  • If the event applies to a specific logical volume, the volume identifier.
  • The user name and ID of the event initiator.
  • The full message text.

You can choose the severity level of the log messages to be sent. You can also choose whether or not to send messages about security events (that is, attempts to log into the System Management Console with an invalid user name) and compliance events. Compliance events happen at the namespace level, so these messages are sent to the syslog servers only if syslog logging is enabled at the tenant level.

NoteSystem log messages are not guaranteed to arrive at the syslog servers to which they’re sent. This is because the syslog protocol uses UDP for data transmission.