Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to create a destination for audit logging in clustermode NetApp Release 8.3.2
2016-11-15
01:46 PM
6,064 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi guys,
I have the below command to create a policy for audit logging.
vserver audit create -vserver <vserver name> -destination <Unix Path> -rotate-schedule-minute <minute of the hour> -rotate-limit <no.of log files>
What is the destination here ?
its says <unix Path> but what exactly is a unix path?
In our system we have CIFS protocol licensing only. Therefore I cannot create a nfs export to facilitate a unix path.
can you please guide me?
Also do you guys have something like a general case, sample command in use for the above?
Solved! See The Solution
1 ACCEPTED SOLUTION
roombabu has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi roombabu,
The UNIX path is just a path within your name space. I recommend creating a new volume (and a qtree if required) for storing the audit logs.
I implemented audit logging for a customer a few weeks ago, here are the steps:
- Create a new volume (and a qtree), i.e. <svm_name>_audit\audit (volume \ qtree)
- Mount the volume into the name space, i.e. /<svm_name>_audit/audit
- Create an audit policy, i.e. vserver audit create -vserver <svm_name> -destination /<svm_name>/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30
- Enable the audit policy
The following links might be useful:
How to set up CIFS auditing with clustered Data ONTAP
Clustered Data ONTAP CIFS Auditing Quick Start Guide
I hope this helps!
Dirk
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
For Clustered Data ONTAP 8.3 CIFS and NFS Auditing Guide refer https://library.netapp.com/ecm/ecm_download_file/ECMLP2426796
Thanks
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
roombabu has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi roombabu,
The UNIX path is just a path within your name space. I recommend creating a new volume (and a qtree if required) for storing the audit logs.
I implemented audit logging for a customer a few weeks ago, here are the steps:
- Create a new volume (and a qtree), i.e. <svm_name>_audit\audit (volume \ qtree)
- Mount the volume into the name space, i.e. /<svm_name>_audit/audit
- Create an audit policy, i.e. vserver audit create -vserver <svm_name> -destination /<svm_name>/audit -format evtx -rotate-schedule-month January-December -rotate-schedule-dayofweek Sunday-Saturday -rotate-schedule-hour 0 -rotate-schedule-minute 0 -rotate-limit 30
- Enable the audit policy
The following links might be useful:
How to set up CIFS auditing with clustered Data ONTAP
Clustered Data ONTAP CIFS Auditing Quick Start Guide
I hope this helps!
Dirk
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have been trying to track this information down for a few weeks now. Thank you so much!
