We have a third-party security tool such as LOGRHYTHM to monitor the event logs from all the systems in the environment. According to the security guy, we need an agent to be installed on all hosts that need to be monitored. I wonder how an agent can be installed on the NetApp FAS 8080 system to enable the event logs to be monitored by LOGRHYTHM. We wanted to integrate the auditing logs from CIFS and NFS shares to be monitored.
Has anyone had success in integrating such tools? Thank you.
1 ACCEPTED SOLUTION
GidonMarcus has accepted the solution
Hi,
ONTAP is a very, very customized version of FreeBSD; you can't install an agent on it, and there is no product on the market that requires that.
The FAS8080 can run two modes of the Data ONTAP operating system: 7-Mode and Clustered. Clustered is the latest and what most new 8080s shipped with, therefore I link only to the cluster-mode doc. But it's important that in your further searching on this topic you know exactly which NetApp product you are using, as some vendors might only support the legacy 7-Mode and have not yet adapted to the recent one.
In Clustered Data ONTAP there are two methods by which software can monitor access to files on the NetApp:
1. FPolicy. You can see the list of supported solutions that use that method - your product is not there:
2. EVTX and XML standard auditing files, which I suspect that product might know how to use, but I couldn't find good public evidence for it:
https://www.netapp.com/us/media/tr-4189.pdf
It's also important to know that there is a product-level audit log that saves all the operations that the storage admin does. This might also be good to monitor, and can be done most easily with syslog.
Gidi
Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
2 REPLIES
Hello,
Have you configured the audit log with LOGRHYTHM? What method was used? Evtx files?
Thank you
