ONTAP Discussions

How to create a destination for audit logging in clustermode NetApp Release 8.3.2

roombabu
4,765 Views

Hi guys,

I have the below command to create a policy for audit logging.

vserver audit create -vserver <vserver name> -destination <Unix Path> -rotate-schedule-minute <minute of the hour> -rotate-limit <no.of log files>

What is the destination here?

It says <Unix Path>, but what exactly is a Unix path?

In our system we have CIFS protocol licensing only. Therefore I cannot create an NFS export to facilitate a Unix path.

Can you please guide me?

Also, do you guys have something like a general case, sample command in use for the above?

1 ACCEPTED SOLUTION

dirk_ecker
4,699 Views

Hi roombabu,

The UNIX path is just a path within your name space. I recommend creating a new volume (and a qtree if required) for storing the audit logs.

I implemented audit logging for a customer a few weeks ago; here are the steps:

  • Create a new volume (and a qtree), i.e. <svm_name>_audit\audit (volume \ qtree)
  • Mount the volume into the name space, i.e. /<svm_name>_audit/audit
  • Create an audit policy, i.e. vserver audit create -vserver <svm_name> -destination /<svm_name>/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30
  • Enable the audit policy

The following links might be useful:

How to set up CIFS auditing with clustered Data ONTAP

Clustered Data ONTAP CIFS Auditing Quick Start Guide

I hope this helps!

Dirk
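
The four steps from the accepted answer, written out as one clustershell sequence. This is an added example, not part of the original post; the SVM name svm1, the aggregate aggr1, the 10g size and the share name audit$ are constructed placeholders. It assumes the destination is the junction path created in the mount step, and the lines starting with # are annotations, not commands to type.

```text
# 1. Create a dedicated volume for audit logs and mount it into the SVM name space
volume create -vserver svm1 -volume svm1_audit -aggregate aggr1 -size 10g -junction-path /svm1_audit

# 2. Optional qtree inside that volume; it appears as the directory /svm1_audit/audit
volume qtree create -vserver svm1 -volume svm1_audit -qtree audit

# 3. Create the audit policy. -destination is a path inside the SVM name space,
#    so no NFS export or NFS license is involved. Rotate daily at 00:00, keep 30 files.
vserver audit create -vserver svm1 -destination /svm1_audit/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30

# 4. Enable auditing on the SVM and confirm state, destination and rotation settings
vserver audit enable -vserver svm1
vserver audit show -vserver svm1 -instance

# Optional, for a CIFS-only SVM: expose the log directory through a hidden share
# so the .evtx files can be opened from a Windows host with Event Viewer
vserver cifs share create -vserver svm1 -share-name audit$ -path /svm1_audit/audit
```

Restrict the share and directory permissions to the administrators who review the logs, since the files record who accessed what.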


3 REPLIES 3

hariprak
4,734 Views

Hi,

For the Clustered Data ONTAP 8.3 CIFS and NFS Auditing Guide, refer to https://library.netapp.com/ecm/ecm_download_file/ECMLP2426796

Thanks


rtroiano
1,548 Views

I have been trying to track this information down for a few weeks now. Thank you so much!
