Network Storage Protocols Discussions

Highlighted

CIFS auditing toward internal server

Hi guys,

 

i have to enable auditing for secuirty purposes on a NAS, FAS6210 running CIFS.

Is it possible to set a destination in the internal network? in this case, will the NAS go down if the destination is unreachable or does it continue to work?

 

thanks in advance

cheers

6 REPLIES

Re: CIFS auditing toward internal server

What version of ONTAP do you have & what do you mean by "destination"?

Are you talking about  FPolicy here? If yes, are you talking about external FPolicy server?

Be specific if you want someone to help you.

Re: CIFS auditing toward internal server

with destination i mean mainly a server,a log server, and the software running is 8.1.4 (7-mode).

 

My question is due to the fact that the NAS is in production environment and any trouble will rip my head off Smiley Very Happy .

Actually on this NAS is running a third part agent that retrieves the logs and saves them in another server, my goal is to get rid of this agent and to directly send the informations to the server.

 

Thank you

Re: CIFS auditing toward internal server

What kind of logs do you want to store on your log server, is it audit log (what AD user performed what action on file in a CIFS share)?

 

If yes, then built-in audit logging designed to store event files inside audit Vol on ONTAP system.

If you are interested in an external audition, that you should use a 3rd party external audit server which supports FPolicy, for example, Varonis.

 

If you are talking about storage system events, like disk drive failure, etc., you can configure syslog event forwarding.

Re: CIFS auditing toward internal server

yes, is a CIFS auditing case but what about the main question.....what happens if the destination of the auditing logs goes down? will the NAS continue to work or any trouble can happen?

 

thanks for help

Re: CIFS auditing toward internal server

If you'll have external FPolicy server, first of all with applications like Varonis you can configure multiple servers so no single point of failure.

Second of all it just audit servers, if they will die, NAS will work just fine.

 

Re: CIFS auditing toward internal server

ok that's important, the NAS will not die if the destination goes down.

 

thank you

cheers

Forums