ONTAP Discussions

Is there a log to show devices connecting to LUNS / CIFS / NFS

NICKCLONDON
7,239 Views

Hi

We need to decommission a netapp filer FAS3140 running 7.3.2

Lots of the NFS mounts and CIFS shares have been setup to allow all hosts or everyone access.

Is there any way i can get a log of what is connecting to each LUN / NFS or CIFS share?

Thanks

Nick

1 ACCEPTED SOLUTION

RichardSopp
7,239 Views

Nick,

The commands suggested by Dean are interactive and the output will not be logged in such a way as what I think you're alluding to in your question.

For CIFS and NFS you need to enable some trace and debug options and be prepared for some content bloat in /etc/messages (which you can subsequently grep for the relevant items).

For CIFS I would recommend the following which will create multiple log entries per client authentication request but gives you a rich audit trail to mine (note the CIFS sessions command is just point in time). :

  • vfiler run * options cifs.trace_login on

For NFS:

  • Edit the /etc/syslog.conf to change the minimum severity of messages sent to the /etc/messages file as the NFS mountd trace is a debug message

         *.debug                                 /etc/messages

  • vfiler run * options nfs.mountd.trace on

Your LUN access patterns are a little more predictable or at least should be because they are defined at the array level so the command suggest by Dean should give you what you need.

Please note that the rotation rates of the /etc/messages log will increase (possibily significantly depending on your environment) when these CIFS and NFS logging features are enabled.

Also note that the above examples will enable the log collection on all vFilers.  If you have vFilers in the environment it may be easier to tackle on at a time on this system (it would certainly be more managable).

One last parting comment - do the right thing as part of any data migration associated with the decommission and apply appropriate access controls to the NFS and CIFS data.

It will come back and bite you sooner than you thing if you dont.

View solution in original post

3 REPLIES 3

DEANNORTH
7,239 Views

Hi,

For CIFS check the CIFS sessions, this will show what share is mapped to which IP (also run on vfiler)

exportfs - will show which NFS exports are exported to where (or rdfile /etc/exports)

igroup show and lun show -v, will help you identify where LUNs are mounted

RichardSopp
7,240 Views

Nick,

The commands suggested by Dean are interactive and the output will not be logged in such a way as what I think you're alluding to in your question.

For CIFS and NFS you need to enable some trace and debug options and be prepared for some content bloat in /etc/messages (which you can subsequently grep for the relevant items).

For CIFS I would recommend the following which will create multiple log entries per client authentication request but gives you a rich audit trail to mine (note the CIFS sessions command is just point in time). :

  • vfiler run * options cifs.trace_login on

For NFS:

  • Edit the /etc/syslog.conf to change the minimum severity of messages sent to the /etc/messages file as the NFS mountd trace is a debug message

         *.debug                                 /etc/messages

  • vfiler run * options nfs.mountd.trace on

Your LUN access patterns are a little more predictable or at least should be because they are defined at the array level so the command suggest by Dean should give you what you need.

Please note that the rotation rates of the /etc/messages log will increase (possibily significantly depending on your environment) when these CIFS and NFS logging features are enabled.

Also note that the above examples will enable the log collection on all vFilers.  If you have vFilers in the environment it may be easier to tackle on at a time on this system (it would certainly be more managable).

One last parting comment - do the right thing as part of any data migration associated with the decommission and apply appropriate access controls to the NFS and CIFS data.

It will come back and bite you sooner than you thing if you dont.

NICKCLONDON
7,239 Views

Thanks all, i will take a look at the suggestions

Nick

Public