General Discussion

3rd party software AD Audit plus with built in NetApp plug-in took CIFS share offline

robc
3,528 Views

Hello All,

I have a customer who installed AD Audit Plus, which has a built in NetApp plugin. This is to be able to monitor and audit the CIFS shares (approx 9TB in size) they have. This plug-in has a built in feature where it creates its own logs CIFS share. Customer took all the default settings and ran it however once the customer ran it, it took out the newly created logs CIFS share and took the  CIFS share offline. Autosupport didnt send out an alert neither did on-command unified manager.

 

Dose anyone else use this software? I think they are using it as a security monitoring tool as this scans file/folder access, creation and  deletions. I just need to understand why Autosupport didn't send out an alert even though its enabled and working as we get all the daily performance and management logs and other disks filling up alerts without issue.

 

Does anyone know why this would happen?

 

Thanks very much in advance

 

4 REPLIES 4

ODinulos
3,498 Views

Don't know much about that 3rd party tool, but found this youtube video that explains how to setup... https://www.youtube.com/watch?v=v3iSC-Gs3CY

 

one possible reason is that your auditing or staging (MDV) volumes were full..you might see errors in EMS that shows volume full errors. If you see them for ones that start with MDV_aud those are the staging volumes.

 

If your staging or audit vol was full and in your audit-guarantee is set to true(default) then this can cause clients from accessing due to inability to audit those events.

 

robc
3,488 Views

Hello ODinulos

 

I cant see any volumes with the MDV_vols. but it still doesn't explain why autosupport didn't generate an alert out to say the volume was offline.

ODinulos
3,485 Views

may be worth opening a support case on this..

but the vol won't go offline, only it will be full.

 

some output that would be helpful for your support case...

 

ODinulos_0-1602077798969.png

 

if you have cifs auditing setup, this info would have some config

robc
3,481 Views

robc_0-1602080065875.png

 

Public