2017-06-06 10:26 AM
I have configured NetApp FPolicy on a SMB share. The FPolicy server I have developed get requests from NetApp. I am enabled all SMB filters (open, close, setattr, delete, delete_dir, rename, rename_dir).
I am using Data ONTAP 8.3.2. I deleted a file from my Windows 10 client. But NetApp does not send a FPolicy request with SMB_DEL. I only get SMB_OPEN and SMB_CLOSE requests on the file.
Is there someway I can get a delete request when a file is deleted? I am also attaching a Wireshark packet trace for FPolicy captured on the FPolicy server. It has requests that NetApp sends to my FPolicy server.
Thanks for your help!
2017-11-28 05:51 AM
Late reply, but I'm hoping one of you are still around. I'm running into the same issue. I've created a new fpolicy on my 8.3.2 c-mode netapp. All SMB events are being sent to our fpolicy server (stealthaudit) with the exception of delete_file from windows 10 clients (delete folder is being sent from win 10). I can't seem to locate any information on the native fpolicy being discussed in one of the replies. Does anyone have any additional information I could review to try to resolve my issue?
- Matt Friedenfeld