2018-07-07 07:17 AM
i have to enable auditing for secuirty purposes on a NAS, FAS6210 running CIFS.
Is it possible to set a destination in the internal network? in this case, will the NAS go down if the destination is unreachable or does it continue to work?
thanks in advance
Solved! SEE THE SOLUTION
2018-07-07 08:18 AM
What version of ONTAP do you have & what do you mean by "destination"?
Are you talking about FPolicy here? If yes, are you talking about external FPolicy server?
Be specific if you want someone to help you.
2018-07-08 05:15 AM
with destination i mean mainly a server,a log server, and the software running is 8.1.4 (7-mode).
My question is due to the fact that the NAS is in production environment and any trouble will rip my head off .
Actually on this NAS is running a third part agent that retrieves the logs and saves them in another server, my goal is to get rid of this agent and to directly send the informations to the server.
2018-07-08 08:19 AM
What kind of logs do you want to store on your log server, is it audit log (what AD user performed what action on file in a CIFS share)?
If yes, then built-in audit logging designed to store event files inside audit Vol on ONTAP system.
If you are interested in an external audition, that you should use a 3rd party external audit server which supports FPolicy, for example, Varonis.
If you are talking about storage system events, like disk drive failure, etc., you can configure syslog event forwarding.
2018-07-08 10:55 AM
yes, is a CIFS auditing case but what about the main question.....what happens if the destination of the auditing logs goes down? will the NAS continue to work or any trouble can happen?
thanks for help
2018-07-09 10:59 AM
If you'll have external FPolicy server, first of all with applications like Varonis you can configure multiple servers so no single point of failure.
Second of all it just audit servers, if they will die, NAS will work just fine.