Solved: How to create a destination for audit logging in clustermode NetApp Release 8.3.2

roombabu · ‎2016-11-15

Hi guys,

I have the below command to create a policy for audit logging.

vserver audit create -vserver <vserver name> -destination <Unix Path> -rotate-schedule-minute <minute of the hour> -rotate-limit <no.of log files>

What is the destination here ?

its says <unix Path> but what exactly is a unix path?

In our system we have CIFS protocol licensing only. Therefore I cannot create a nfs export to facilitate a unix path.

can you please guide me?

Also do you guys have something like a general case, sample command in use for the above?

dirk_ecker · ‎2016-11-18

Hi roombabu,

The UNIX path is just a path within your name space. I recommend creating a new volume (and a qtree if required) for storing the audit logs.

I implemented audit logging for a customer a few weeks ago, here are the steps:

Create a new volume (and a qtree), i.e. <svm_name>_audit\audit (volume \ qtree)
Mount the volume into the name space, i.e. /<svm_name>_audit/audit
Create an audit policy, i.e. vserver audit create -vserver <svm_name> -destination /<svm_name>/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30
Enable the audit policy

The following links might be useful:

I hope this helps!

Dirk

hariprak · ‎2016-11-15

Hi,

For Clustered Data ONTAP 8.3 CIFS and NFS Auditing Guide refer https://library.netapp.com/ecm/ecm_download_file/ECMLP2426796

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

dirk_ecker · ‎2016-11-18