I have configured NetApp FPolicy on a SMB share. The FPolicy server I have developed get requests from NetApp. I am enabled all SMB filters (open, close, setattr, delete, delete_dir, rename, rename_dir).
I am using Data ONTAP 8.3.2. I deleted a file from my Windows 10 client. But NetApp does not send a FPolicy request with SMB_DEL. I only get SMB_OPEN and SMB_CLOSE requests on the file.
Is there someway I can get a delete request when a file is deleted? I am also attaching a Wireshark packet trace for FPolicy captured on the FPolicy server. It has requests that NetApp sends to my FPolicy server.
Late reply, but I'm hoping one of you are still around. I'm running into the same issue. I've created a new fpolicy on my 8.3.2 c-mode netapp. All SMB events are being sent to our fpolicy server (stealthaudit) with the exception of delete_file from windows 10 clients (delete folder is being sent from win 10). I can't seem to locate any information on the native fpolicy being discussed in one of the replies. Does anyone have any additional information I could review to try to resolve my issue?