2015-03-16 12:53 PM - last edited on 2015-04-08 07:34 PM by alissa
All the sudden, a new snapshot schedule under the SS policy associating with a volume has been setup. As before there is only one schedule associating a volume, which will be taken once per day. Now, 2nd schedule got created, and once every 8 hours, in addtion to previous one.
We have a few people who have admin access. My question, can customer set up a snapshot policy?
What is log file should I check into to find out details about this change?
Solved! SEE THE SOLUTION
2015-03-16 03:41 PM
Not sure what you mean by customer, but if you mean end user, no, unless they have rights.
check the audit log file
2015-03-16 03:52 PM
2015-03-17 06:03 AM
Mentioned /etc/log/auditlog file is fine for 7-mode systems.
On cDOT the auditing has been changed completely.
See here how to check who was doing what on your system:
'Kudos' is a good way to say "Thank you"
2015-03-17 06:56 AM
well, It is weird. I could not find how the snpashot all the suddent starts to be scheduled.
I checked auditlog.* under /mroot/etc/log, I don't see any related actions, and also command-history.log.* as well.
Can anybody please shed some lights here?
2015-03-17 07:00 AM
I booked a lab just for you...
cluster1::*> debug log files modify -incl-files mgwd
cluster1::*> debug log show -timestamp >30m
Tue Mar 17 06:33:27 2015 cluster1-01 [kern_mgwd:info:901] ssh :: 192.168.0.5 :: admin :: volume create -vserver svm-exchange -volume test_vol -size 3g -aggregate aggr1_01 :: Pending
cluster1::*> net traceroute -node cluster1-01 -destination 192.168.0.5
traceroute to 192.168.0.5 (192.168.0.5), 64 hops max, 44 byte packets
1 jumphost (192.168.0.5) 0.350 ms * 0.414 ms