How to create a destination for audit logging in clustermode NetApp Release 8.3.2

roombabu

Hi guys,

I have the below command to create a policy for audit logging.

vserver audit create -vserver <vserver name> -destination <Unix Path> -rotate-schedule-minute <minute of the hour> -rotate-limit <no.of log files>

What is the destination here?

It says <unix Path>, but what exactly is a unix path?

In our system we have CIFS protocol licensing only. Therefore I cannot create an NFS export to facilitate a unix path.

Can you please guide me?

Also, do you guys have something like a general case, sample command in use for the above?

1 ACCEPTED SOLUTION

dirk_ecker

Hi roombabu,

The UNIX path is just a path within your name space. I recommend creating a new volume (and a qtree if required) for storing the audit logs.

I implemented audit logging for a customer a few weeks ago; here are the steps:

  • Create a new volume (and a qtree), i.e. <svm_name>_audit\audit (volume \ qtree)
  • Mount the volume into the name space, i.e. /<svm_name>_audit/audit
  • Create an audit policy, i.e. vserver audit create -vserver <svm_name> -destination /<svm_name>_audit/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30
  • Enable the audit policy

The following links might be useful:

How to set up CIFS auditing with clustered Data ONTAP

Clustered Data ONTAP CIFS Auditing Quick Start Guide

I hope this helps!

Dirk
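
The four steps above written out as clustershell commands, as an added example that is not part of the original post. <aggregate_name>, the 10GB size and the ntfs security style are assumptions; <svm_name> is the placeholder used in the thread, and the `#` lines are annotations.

```text
# Added example: <aggregate_name>, 10GB and ntfs are assumed values.

# 1. Create the volume for the audit logs and mount it into the SVM name space.
volume create -vserver <svm_name> -volume <svm_name>_audit -aggregate <aggregate_name> -size 10GB -security-style ntfs -junction-path /<svm_name>_audit

# 2. Create the qtree; its name space path becomes /<svm_name>_audit/audit.
volume qtree create -vserver <svm_name> -volume <svm_name>_audit -qtree audit -security-style ntfs

# Check the junction path before pointing the audit policy at it.
volume show -vserver <svm_name> -volume <svm_name>_audit -fields junction-path

# 3. Create the audit policy. -destination is the name space path from
#    steps 1 and 2; no NFS export is involved.
vserver audit create -vserver <svm_name> -destination /<svm_name>_audit/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30

# 4. Enable the audit policy on the SVM.
vserver audit enable -vserver <svm_name>

# Review the resulting configuration (destination, format, rotation, state).
vserver audit show -vserver <svm_name> -instance
```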

hariprak

Hi,

For the Clustered Data ONTAP 8.3 CIFS and NFS Auditing Guide, refer to https://library.netapp.com/ecm/ecm_download_file/ECMLP2426796

Thanks
