https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/143026#M31732 <P>I have seen similar events in the past and opened a case as well. NetApp is unable to identify the source because there is no logging of the client address. Also there is no auditing for NFSv3 access available. The log messages are completely useless this way. I complained about it, but as usual nobody cares at NetApp.</P> Fri, 28 Sep 2018 08:42:21 GMT moep 2018-09-28T08:42:21Z https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/142580#M31636 <P>Hello</P> <P>&nbsp;</P> <P>Recently our logs get spammed with "secd.authsys.lookup.failed" events on one of our nfs svms.</P> <P>We can see that that an invalid UID is used but we can't see from which client.</P> <P>How can we find the culprit, is this done by activating a security audit or is it hidden somewhere inside the logs?</P> <P>&nbsp;</P> <P>Any tip would be appreciated.</P> <P>&nbsp;</P> <P>Cheers</P> <P>Marco</P> Wed, 04 Jun 2025 13:20:22 GMT https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/142580#M31636 gfz-marco 2025-06-04T13:20:22Z https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/142795#M31697 <P>Since we get around 1500-2000 events per day, i've opened a case now.</P> <P>Lets wait and see about the outcome...</P> Tue, 18 Sep 2018 11:53:43 GMT https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/142795#M31697 gfz-marco 2018-09-18T11:53:43Z https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/143026#M31732 <P>I have seen similar events in the past and opened a case as well. NetApp is unable to identify the source because there is no logging of the client address. Also there is no auditing for NFSv3 access available. The log messages are completely useless this way. I complained about it, but as usual nobody cares at NetApp.</P> Fri, 28 Sep 2018 08:42:21 GMT https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/143026#M31732 moep 2018-09-28T08:42:21Z https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/144711#M32103 <P>After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.</P> <P>This involves a tcpdump on a node and filtering through the tracefile with wireshark.</P> <P>Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.</P> <P>We'll see how that comes out...</P> <P>&nbsp;</P> <P>I would say that they care at netapp, but it involves work on both sides.</P> Fri, 16 Nov 2018 13:34:03 GMT https://community.netapp.com/t5/ONTAP-Discussions/Log-spammed-with-quot-secd-authsys-lookup-failed-quot/m-p/144711#M32103 gfz-marco 2018-11-16T13:34:03Z