How to manually collect logs and copy files from an ONTAP storage

system

https://kb.netapp.com/onprem/ontap/os/How_to_manually_collect_logs_and_copy_files_from_an_ONT…
Updated: Thu, 18 Jan 2024 15:23:38 GMT

Applies to
• ONTAP 9

Description

Log files on a clustered Data ONTAP node are typically stored at one of the following locations:

• /mroot/etc/log is the location for auditlog, ems, rastrace, and sis (among others).
• /mroot/etc/log/mlog is location for bcomd, command-history, debug, fpolicy, mgwd, notifyd, secd,

'NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations
provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations
provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or 1
techniques herein is a customers responsibility and depends on the customers ability to evaluate and integrate them into the customers operational
environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this
document.'
 snapmirror, spmd, vifmgr, and vldb logs (among others).
• /mroot/etc/crash is the location for core dump files, and the preferred location to store packet traces.
• /mroot/etc/software is the location for clustered Data ONTAP software packages.
• /mroot/etc/log/packet_traces is location for packet traces

Occasionally, the subset of logs supplied by AutoSupport might not satisfy troubleshooting requirements and
copying logs and files form the system is needed. This article describes methods for copying logs and files from
an ONTAP storage system.

Please be aware every node has its own set of logs.

Procedure

Media, iframe, embed and object tags are not supported inside of a PDF.

Procedure

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 2
 Option 1 - Using the SPI (HTTP/HTTPS)

This method describes the procedure to be followed to use Service Processor infrastructure to retrieve files using
HTTP(S).

Availability of SPI Web services might vary by release of Data ONTAP. Information about "Accessing a node's
log, core dump, and MIB files by using a web browser" can be found in these guides:

• ONTAP 9.x System Administration Reference

There are two ways to access the SPI:

• Access the SPI via OnCommand System Manager in ONTAP releases 9.3 and newer
• Direct access to SPI via URL

Note: The SPI services are enabled by default. If you need to enable access, see the following KB
How to enable remote access to a node’s root volume in a cluster

Notes:

• In order to access the SPI, you will need to obtain the cluster's management IP address. Run the following
CLI command to determine the cluster mgmt IP address:

::> network interface show -role cluster-mgmt

• If you want to use HTTPS for secure web access, check to see if "SSL Server Authentication Enabled" is
enabled and a digital certificate is installed:

::> security ssl show -vserver <cluster-name>

Access the SPI via OnCommand System Manager in ONTAP releases 9.3 to 9.7(Classic View only)

1. Access the OnCommand System Manager with an html browser at http(s)://<cluster-mgmt-ip>

2. After logging into OnCommand System Manager, click the Help menu icon in the top right-hand side of
the OnCommand System Manager.
3. In the Help drop-down menu, select Root Volume File Access (SPI) to access the SPI.

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 3
 Direct access to SPI via URL

Directly access files in the root volume via SPI URL with an html browser at http(s)://<cluster-mgmt-ip>/spi/

Option 2 - Clustershell command

This method describes the procedure to be followed to use system script upload to send files to an FTP
or HTTP(S) URL.

In this example, the user uploads a secd.log directly to an FTP server.

::> system script upload -filename /mroot/etc/log/mlog/secd.log

-destination ftp://ftp.mycomp.com/temp/_secd.log
Enter User: anonymous
Enter Password: [email protected]
File "/mroot/etc/log/mlog/secd.log" successfully uploaded to
"ftp://ftp.mycomp.com/temp/_secd.log"

For assistance on uploading the file to NetApp, see How to upload a file to NetApp.

Procedure

Option 3 - Using the Systemshell FTP/SCP clients

This method describes the procedure to access Systemshell as diag user for SCP (Secure Copy using SSH)
or FTP.

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 4
 Warning: The Systemshell provides access to low-level diagnostic tools that can cause irreparable damage
to the system if not used properly.

1. Log in as admin or another user with admin permissions.

2. Verify if a user has admin permissions:

::> security login show

Authentication Acct
UserName Application Method Role Name
Locked
--------------------- ----------- -------------- --------------------
------
admin console password admin no
admin http password admin no
admin ontapi password admin no
admin ssh password admin no

3. Verify the user you are logging in as (admin in this case) has the ability to use the diag account.

4. Verify diag account is unlocked. For more information on unlocking the diag account, see How to unlock the
diag user account.

::> security login show -user-or-group-name diag

Vserver: clus-1
Second
User/Group Authentication Acct
Authentication
Name Application Method Role Name Locked Method
-------------- ----------- ------------- ---------------- ------
--------------
diag console password admin no none

5. Login to Systemshell

Example:

::> set -privilege diag

::*> systemshell -node node-01
(system node systemshell)
Data ONTAP/amd64 (node-01) (ttyp2)

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 5
 login: diag
Password:
Last login: Tue Jun 25 13:48:23 from
localhost
% pwd
/var/home/diag
% cd /mroot/etc/
log
% pwd
/mroot/etc/log
%

6. In Systemshell you can use SCP or FTP:

Example:

% scp
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i
identity_file] [-l limit]
[-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ...
[[user@]host2:]file2
%

% ftp
ftp> quit

Option 4 - Using the Systemshell copy command

This method describes the procedure to be followed to use Systemshell copy command to shared folder to
download log file.

1. Run the following command to copy the autosupport logs.

• Prepare an accessible shared folder and name it Share1.

• Assuming case number is 123456789 and the node name is node1,and the Share is /usr/share/,run the
following commands:

::> set diag

::*> systemshell -node node1 -command "sudo find -L /mroot/etc/log -depth

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 6
 -print | sudo tar -cLnvzf /mroot/etc/crash/123456789_`hostname`.tar.gz -T
-"
::*> systemshell -node node1 -command "sudo cp /mroot/etc/crash/
123456789_`hostname`.tar.gz
/usr/share/"

2. Access the share by entering the following in the Windows client explorer:

\\IP\Share1

3. After downloading the file, delete it from the node.

::> set diag

::*>systemshell -node node1 -command "sudo rm /mroot/etc/crash/
123456789_`hostname`.tar.gz"
::*>systemshell -node node1 -command "sudo rm /usr/share/
123456789_`hostname`.tar.gz"

Additional Information

How to manually collect logs from ONTAP 9 or Data ONTAP 8.3

© 2023 NetApp.No part of this document covered by copyright may be reproduced in any form or by any means—graphic, electronic, or mechanical,
including photocopying, recording, taping, or storage in an electronic retrieval system—without prior written permission of the copyright owner. For more
information, see Legal Notices. 7