Network and Storage Protocols

CIFS auditing toward internal server

Liberello
8,884 Views

Hi guys,

 

i have to enable auditing for secuirty purposes on a NAS, FAS6210 running CIFS.

Is it possible to set a destination in the internal network? in this case, will the NAS go down if the destination is unreachable or does it continue to work?

 

thanks in advance

cheers

1 ACCEPTED SOLUTION

D_BEREZENKO
8,667 Views

If you'll have external FPolicy server, first of all with applications like Varonis you can configure multiple servers so no single point of failure.

Second of all it just audit servers, if they will die, NAS will work just fine.

 

View solution in original post

6 REPLIES 6

D_BEREZENKO
8,868 Views

What version of ONTAP do you have & what do you mean by "destination"?

Are you talking about  FPolicy here? If yes, are you talking about external FPolicy server?

Be specific if you want someone to help you.

Liberello
8,771 Views

with destination i mean mainly a server,a log server, and the software running is 8.1.4 (7-mode).

 

My question is due to the fact that the NAS is in production environment and any trouble will rip my head off 😄 .

Actually on this NAS is running a third part agent that retrieves the logs and saves them in another server, my goal is to get rid of this agent and to directly send the informations to the server.

 

Thank you

D_BEREZENKO
8,748 Views

What kind of logs do you want to store on your log server, is it audit log (what AD user performed what action on file in a CIFS share)?

 

If yes, then built-in audit logging designed to store event files inside audit Vol on ONTAP system.

If you are interested in an external audition, that you should use a 3rd party external audit server which supports FPolicy, for example, Varonis.

 

If you are talking about storage system events, like disk drive failure, etc., you can configure syslog event forwarding.

Liberello
8,728 Views

yes, is a CIFS auditing case but what about the main question.....what happens if the destination of the auditing logs goes down? will the NAS continue to work or any trouble can happen?

 

thanks for help

D_BEREZENKO
8,668 Views

If you'll have external FPolicy server, first of all with applications like Varonis you can configure multiple servers so no single point of failure.

Second of all it just audit servers, if they will die, NAS will work just fine.

 

Liberello
8,653 Views

ok that's important, the NAS will not die if the destination goes down.

 

thank you

cheers

Public