
Why do you have to NFS mount the NetApp?

fletch00
Engager

Can someone clarify this step from the README?

"4. Create an NFS mount to the system partition of your filer(s). Copy local/inputs.conf.sample to inputs.conf and edit this file. Specify path to the system log path. For example:

[monitor:///opt/netapp_logs/10.160.114.230/etc/log]

"

Are we supposed to NFS mount the NetApp to the Splunk server?
What's the purpose of this step?

Thanks

1 Solution

halr9000
Motivator

On a 7-mode filer, there exists a log folder like many Unix-like OSes: /etc/log. Here's a blog post that talks about some of the files there: http://rajeev.name/2010/04/15/log-file-locations-in-netapp-data-ontap/

There are two good ways to get to those logs: NFS mount the root volume, or use syslogd to write the messages to a network receiver (like Splunk), instead of, or in addition to, writing them to disk.

In the current version of this app, we are doing the former in order to populate the data on the top two panels of the default dashboard. It would not be hard to do the same via syslog. You just have to edit syslogd.conf on your storage controllers and send the alerts to Splunk (or a syslog server and then to Splunk, which many customers do). Then there would be a relatively small number of configuration changes to make these dashboard panels work as they do now via the NFS route. This is planned for a future revision of the app--we just didn't quite get there for 1.0.

Note that Cluster-mode has a managed way of configuring these things, so instead of editing syslogd.conf, you would execute something like "event destination modify -name allevents".

All that said, if you do not want to mount the filers, just skip that step. Some customers have said it would be hard to manage at scale or they do not do that by policy. Just understand what types of data you will be missing, and whether or not that is of value to you to have in Splunk, and lastly, if you want to get that data in a different way like syslog. If you fall into this case, I encourage you to use syslog, and to work with the data that way.
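A check for the NFS route described in the answer above, added here as an example (not code from the app or its README): it reads the monitor stanzas from inputs.conf and reports whether each path actually sits on a read-only NFS mount. Assumptions: mounting the root volume read-only is a least-privilege choice the README does not state, and the second filer address, the /vol/vol0 export and the local path are constructed sample data.

```python
import re

# Constructed sample data. On a real host, read the app's local/inputs.conf
# and /proc/mounts instead. Only 10.160.114.230 comes from the README excerpt.
SAMPLE_INPUTS = """\
[monitor:///opt/netapp_logs/10.160.114.230/etc/log]
[monitor:///opt/netapp_logs/10.160.114.231/etc/log]
[monitor:///var/log/local_copy]
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
10.160.114.230:/vol/vol0 /opt/netapp_logs/10.160.114.230 nfs ro,nosuid,noexec 0 0
10.160.114.231:/vol/vol0 /opt/netapp_logs/10.160.114.231 nfs rw,relatime 0 0
"""

def monitor_paths(inputs_text):
    """Return the path of every [monitor://<path>] stanza."""
    return re.findall(r"^\[monitor://([^\]]+)\]\s*$", inputs_text, flags=re.M)

def parse_mounts(mounts_text):
    """Parse /proc/mounts-style lines into (mountpoint, fstype, options)."""
    mounts = []
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4:
            mounts.append((f[1].rstrip("/") or "/", f[2], set(f[3].split(","))))
    return mounts

def covering_mount(path, mounts):
    """Return the longest mountpoint that contains path, or None."""
    hits = [m for m in mounts
            if path == m[0] or path.startswith(m[0].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m[0]), default=None)

def audit(inputs_text, mounts_text):
    """Map each monitored path to 'ok', 'nfs-writable' or 'not-nfs'."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for path in monitor_paths(inputs_text):
        mount = covering_mount(path, mounts)
        if mount is None or not mount[1].startswith("nfs"):
            report[path] = "not-nfs"       # mount missing: Splunk reads a local dir
        elif "ro" not in mount[2]:
            report[path] = "nfs-writable"  # indexing host could modify the root volume
        else:
            report[path] = "ok"
    return report

if __name__ == "__main__":
    for path, status in audit(SAMPLE_INPUTS, SAMPLE_MOUNTS).items():
        print(f"{status:13} {path}")
```

A "not-nfs" result is the case to watch for in operation: if the mount drops, the monitor input keeps running against an empty local directory and the dashboard panels simply stop receiving data.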

halr9000
Motivator

@vchepkov if you don't mind, submit that as a new question tagged "Splunk App for NetApp ONTAP", please.

0 Karma

vchepkov
Explorer

Would it be possible to list what changes need to be made to get data out of syslog instead of NFS share?

0 Karma

gregbujak
Path Finder

You can also use the UNC path:

[monitor://\\my_machine_name\c$\etc\log]

Make sure that the account you are running the forwarder under has access to the filer.
