ONTAP Discussions

How to configure NFS logging

ig-091714
6,247 Views

I'm pretty new to NetApp, so excuse the lack of knowledge.

That said, I need to figure out what servers are using an NFS export as we are doing some maintenance and need to take these exports down. Prior to doing so however, I'd like to know definitively which servers are accessing which shares so i can inventory the affected customers.

 

I've been directed to Data_ONTAP_81_File_Access_and_Protocols.pdf pg 278 which says:

 

Enabling NFS auditing

You can enable NFS auditing by performing several tasks.

About this task

For more information about the options described in these steps, see the options(1) man page.

Steps

  1. In the /etc/log directory on the storage system, create a file called nfs-audit.

File sharing between NFS and CIFS | 279

Note: Steps 1 and 2 are mandatory for auditing in a UNIX security style qtree but optional for

auditing in NTFS or mixed security style qtrees.

  1. To identify the NFS log filter file, enter the following command:

options cifs.audit.nfs.filter.filename /etc/log/nfs-audit

  1. To enable auditing of file access events, enter the following command:

options cifs.audit.file_access_events.enable on

Note: Auditing of file access and logon events is turned off by default.

  1. To enable NFS auditing, enter the following command:

options cifs.audit.nfs.enable on

  1. Configure audit log management.
  2. On the Windows administration host, set the filter file’s system access control list (SACL)

I've done steps 1-4 without issue. But when it comes to step 5, it gives no directives or links on how to do this. Not to mention i have no idea how to set up a SACL on the nfs-audit file. 

Can i get some assistance with this?

2 REPLIES 2

GR
5,697 Views

Dear All, 

I have a similar issue as well and currently stuck with the NFS auditing. We have peculiar requirement, where one of your export is widely shared across multiple host as per design. Here comes the actual problem, there is some job/user actually deleting some critical data. In order to identify the user, we need the NFS auditing to be enabled.

 

 

 am new to Netapp as well, appreciate your expert assistance on the same.

 

-GR

tonytomnuk
3,626 Views

You need NFS v4 to enable auditing.

Public