2015-08-05 09:03 AM
I'm pretty new to NetApp, so excuse the lack of knowledge.
That said, I need to figure out what servers are using an NFS export as we are doing some maintenance and need to take these exports down. Prior to doing so however, I'd like to know definitively which servers are accessing which shares so i can inventory the affected customers.
I've been directed to Data_ONTAP_81_File_Access_and_Protocols.pdf pg 278 which says:
Enabling NFS auditing
You can enable NFS auditing by performing several tasks.
About this task
For more information about the options described in these steps, see the options(1) man page.
File sharing between NFS and CIFS | 279
Note: Steps 1 and 2 are mandatory for auditing in a UNIX security style qtree but optional for
auditing in NTFS or mixed security style qtrees.
options cifs.audit.nfs.filter.filename /etc/log/nfs-audit
options cifs.audit.file_access_events.enable on
Note: Auditing of file access and logon events is turned off by default.
options cifs.audit.nfs.enable on
I've done steps 1-4 without issue. But when it comes to step 5, it gives no directives or links on how to do this. Not to mention i have no idea how to set up a SACL on the nfs-audit file.
Can i get some assistance with this?
2016-05-14 07:48 AM
I have a similar issue as well and currently stuck with the NFS auditing. We have peculiar requirement, where one of your export is widely shared across multiple host as per design. Here comes the actual problem, there is some job/user actually deleting some critical data. In order to identify the user, we need the NFS auditing to be enabled.
am new to Netapp as well, appreciate your expert assistance on the same.