ONTAP Discussions

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

About filer and ontap

vairavaniyyappan
‎2011-02-18 04:04 AM
3,565 Views

Hi Team,

I am an Security Analyst and i was assigned to a Storage Project[Netapp] for which i need some information in regard with the logging..,

Query: what is the difference between netapp filer and netapp dataontap,Do they generate the same type of logs or different types of logs.

If possible can you give me the list of audit logs and its format's generated by filer and ontap.

Any help would be realy appreciated.

Regards,

Iyyappan.

0 Kudos
View By:
4 REPLIES 4

lukasz_borek
‎2011-02-18 04:14 AM
3,565 Views
  • netapp filer = hardware / data ontap - operationg system
  • see logs at /vol/vol0/etc/log ...
  • options auditlog.*

It's also depends if you are interested in whole SAN security or only DataOntab security.

You may also want to try  : TR-3649 Best Practices for Secure Configuration of Data ONTAP 7G

0 Kudos

vairavaniyyappan
‎2011-02-21 09:29 PM
In response to lukasz_borek
3,565 Views

Hi Lukasz,

One more query is the log format same as filer O/P in data ontap.

Log Format for Messages
log format:
<PRI> <TIME> ' ' <MESG> '[' <MDATA> ' ' <SIG> ' ']
<DAY>Event Day
<DATE>Event Date
<TIME> Event Time
<[EVENT:>Event Name which is Event ID
<:Severity]>Severity is categories like emerg, alert, crit, err, warning, notice, info, debug
<MSG>Details About Message
Log Format of adtlog.evt
log format:
DATE | TIME | Event ID | Operation Outcome | Number of seconds of duplicated events | Filer Name | Number of duplicate events detected | Protocol used | User | Object | Access Code
Sample Log:
  20060801|104748|560|Success|0|DATA|0|CIFS|petemo|DATA|-|\vol\vol0\etc|Read Attributes|
<Date> Date (20060801)
<Time> Time (104742)
<Event ID>Event ID (540,538,560) Support Windows Event ID’s
<Operation Outcome> Operation Details (Success or Failure)
<Number of seconds of duplicated events>Number
<Filer Name>Filer Name (Data)
<Number of duplicate events detected>Number
<Protocol used> Protocol Used (Unknown, CIFS, NFS,HTTP)
<User> User Name (administrator, petemo)
<Object> Object Details e.g.(\vol\vol0\etc\lclgroups.cfg)
<Access Code> (Read:Read Attributes)


Regards,

Iyyappan.

0 Kudos

vairavaniyyappan
‎2011-02-21 09:34 PM
In response to vairavaniyyappan
3,565 Views

If possible please provide us the product document related to the log format's.

Thanks..,

0 Kudos

vairavaniyyappan
‎2011-02-23 11:20 PM
In response to vairavaniyyappan
3,565 Views

Hi Team,

Is there any one who can help me out in this ..,

Regards,

Iyyappan.V

0 Kudos
Announcements
All Community Forums
Public