I am a Security Analyst and I was assigned to a Storage Project [NetApp] for which I need some information regarding the logging.
One more query: is the log format the same as the filer O/P in Data ONTAP?
Log Format for Messages
<PRI> <TIME> ' ' <MESG> '[' <MDATA> ' ' <SIG> ' ']
<DAY> Event Day
<DATE> Event Date
<TIME> Event Time
<[EVENT:> Event Name which is Event ID
<:Severity]> Severity categories: emerg, alert, crit, err, warning, notice, info, debug
<MSG> Details About Message
Log Format of adtlog.evt
DATE | TIME | Event ID | Operation Outcome | Number of seconds of duplicated events | Filer Name | Number of duplicate events detected | Protocol used | User | Object | Access Code
<Date> Date (20060801)
<Time> Time (104742)
<Event ID> Event ID (540, 538, 560) Supported Windows Event IDs
<Operation Outcome> Operation Details (Success or Failure)
<Number of seconds of duplicated events> Number
<Filer Name> Filer Name (Data)
<Number of duplicate events detected> Number
<Protocol used> Protocol Used (Unknown, CIFS, NFS, HTTP)
<User> User Name (administrator, petemo)
<Object> Object Details e.g. (\vol\vol0\etc\lclgroups.cfg)
<Access Code> (Read:Read Attributes)
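A small parser for the adtlog.evt layout listed above, added here as an example; it is not code from the original thread or from NetApp. The field order is taken from the pipe-delimited list in the reply, the date/time formats follow the 20060801 / 104742 examples, and the sample lines are constructed (the paths and user names mirror the examples given, the event values are made up). It also counts Failure outcomes per user as a first triage view and keeps malformed lines aside rather than dropping them silently.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Field order of adtlog.evt as listed in the reply above (pipe-delimited).
FIELDS = (
    "date", "time", "event_id", "outcome", "dup_seconds", "filer",
    "dup_count", "protocol", "user", "object", "access_code",
)


@dataclass
class AuditRecord:
    timestamp: datetime
    event_id: int       # Windows security event ID, e.g. 540, 538, 560
    outcome: str        # "Success" or "Failure"
    dup_seconds: int    # number of seconds of duplicated events
    filer: str
    dup_count: int      # number of duplicate events detected
    protocol: str       # Unknown, CIFS, NFS, HTTP
    user: str
    obj: str
    access_code: str    # e.g. "Read:Read Attributes"


def parse_adtlog_line(line: str) -> AuditRecord:
    """Parse one adtlog.evt line; raises ValueError on a malformed line."""
    parts = [p.strip() for p in line.rstrip("\r\n").split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    # Date is YYYYMMDD and time is HHMMSS, as in the examples 20060801 / 104742.
    timestamp = datetime.strptime(rec["date"] + rec["time"], "%Y%m%d%H%M%S")
    return AuditRecord(
        timestamp=timestamp,
        event_id=int(rec["event_id"]),
        outcome=rec["outcome"],
        dup_seconds=int(rec["dup_seconds"] or 0),
        filer=rec["filer"],
        dup_count=int(rec["dup_count"] or 0),
        protocol=rec["protocol"],
        user=rec["user"],
        obj=rec["object"],
        access_code=rec["access_code"],
    )


def parse_adtlog(lines):
    """Parse many lines, separating good records from malformed ones."""
    records, bad = [], []
    for line in lines:
        if not line.strip():
            continue
        try:
            records.append(parse_adtlog_line(line))
        except ValueError as exc:
            bad.append(str(exc))
    return records, bad


def failures_by_user(records):
    """Count Failure outcomes per user, a cheap first triage view."""
    return Counter(r.user for r in records if r.outcome == "Failure")


# Constructed sample lines (not real filer output), following the field
# order above; the last one is deliberately truncated to exercise error handling.
SAMPLE_LINES = [
    r"20060801|104742|560|Success|0|Data|0|CIFS|administrator|\vol\vol0\etc\lclgroups.cfg|Read:Read Attributes",
    r"20060801|104801|560|Failure|0|Data|0|CIFS|petemo|\vol\vol0\etc\lclgroups.cfg|Read:Read Attributes",
    r"20060801|104830|560|Failure|60|Data|4|CIFS|petemo|\vol\vol0\etc\lclgroups.cfg|Read:Read Attributes",
    r"20060801|104900|538|Success|0|Data|0|CIFS|petemo||",
    "this line is truncated|and will not parse",
]

RECORDS, BAD_LINES = parse_adtlog(SAMPLE_LINES)

if __name__ == "__main__":
    for r in RECORDS:
        print(r.timestamp, r.event_id, r.outcome, r.protocol, r.user, r.obj)
    print("failures:", dict(failures_by_user(RECORDS)))
    print("unparsed:", BAD_LINES)
```

Feed it the real file with `parse_adtlog(open("adtlog.evt"))`; anything that does not match the eleven-field layout ends up in the second return value, which is worth reviewing before trusting the counts.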
Please make sure that auditing is enabled in Windows. I have copy-pasted the section below for your convenience.
To setup additional items that will be audited, you will need to configure specific audit rules for each share or qtree:
- In Computer Manager, go to the qtree or folder that you wish to audit.
- Select the Security tab, then the Advanced tab, and select Auditing.
- Specify the groups and events to be audited.