Subscribe

fpolicy read/write only for NFS

[ Edited ]

Hi,

 

I've set up fpolicy on my NetApp filer Release 7.0.5 Model FAS270 to screen for create,delete,rename,read,write. Then I start my fpolicy server on a remote host. After that 'fpolicy show' command gives the following output

 

------------------------------------------------------------------------------------------------------------------------

 

File policy himpol (file screening) is enabled.

 

File screen servers              P/S Connect time (dd:hh:mm)  Reqs    Fails
----------------------------------------------------------------------------
10.217.105.77   \\LILY          Pri    00:00:01                 0        0

 

Operations monitored:
File create,File rename,File delete
Directory rename,Directory delete,Directory create
Above operations are monitored for NFS and CIFS

 

File read, File write
Above operations are monitored for NFS only

 

List of extensions to screen:
???

 

List of extensions not to screen:
Extensions-not-to-screen list is empty.

 

Number of files screened:   26
Number of screen failures:  4

 

--------------------------------------------------------------------------------------------------------------------------------

 

My question is why read and write are monitored for NFS only? Shouldn't they be monitored for CIFS as well? Is there a dependency on the NetApp Release/Model number? I am using the latest Fpolicy sample server code(fpserver) example from the latest Fpolicy SDKv7.3.1.

 

Thanks in advance

 

-Himanshu

Re: fpolicy read/write only for NFS

Himanshu,  I suspect this is just bad syntax in the message and what it really means is that for NFS, the only things that are monitored with Fpolicy (at least in ONTAP 7.0.5) are file read and file write.  That is, operations like file create, file rename and directory delete are monitored for CIFS but not for NFS.   Changing to a newer version of ONTAP like 7.2.6 or 7.3.1.2 might give you more Fpolicy options with NFS.

--John Kim

Re: fpolicy read/write only for NFS

hmm, This is proble of your fpolicy server that r u using. above IC.3 and BR.0 u will not seen this issue

Re: fpolicy read/write only for NFS

Dear all friends,

                      i am using ontap simulator 8.2.1 7-mode  firstly i tell u my aim .my aim is monitoring on cifs share . write a .txt  what change done on share file or folder .same as event logs. i want to also write to file security permission changes on shares files or folders. some suggest me fpolicy. i successfuly configure fpolicy and give a screen server but i dont know how we can retrieve information from screen server ip can anybody tell me how we can do this.

Regards

Mradul Singh