ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Log spammed with "secd.authsys.lookup.failed"

gfz-marco
‎2018-09-07 12:22 AM
2,813 Views

Hello

 

Recently our logs get spammed with "secd.authsys.lookup.failed" events on one of our nfs svms.

We can see that that an invalid UID is used but we can't see from which client.

How can we find the culprit, is this done by activating a security audit or is it hidden somewhere inside the logs?

 

Any tip would be appreciated.

 

Cheers

Marco

0 Kudos
View By:
Tags (3)
1 ACCEPTED SOLUTION

gfz-marco
‎2018-11-16 05:34 AM
In response to moep
2,539 Views

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

View solution in original post

0 Kudos
3 REPLIES 3

gfz-marco
‎2018-09-18 04:53 AM
2,693 Views

Since we get around 1500-2000 events per day, i've opened a case now.

Lets wait and see about the outcome...

0 Kudos

moep
‎2018-09-28 01:42 AM
In response to gfz-marco
2,639 Views

I have seen similar events in the past and opened a case as well. NetApp is unable to identify the source because there is no logging of the client address. Also there is no auditing for NFSv3 access available. The log messages are completely useless this way. I complained about it, but as usual nobody cares at NetApp.

0 Kudos

gfz-marco
‎2018-11-16 05:34 AM
In response to moep
2,540 Views

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

0 Kudos
All Community Forums
Public