The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Start a New Post

Log spammed with "secd.authsys.lookup.failed"

gfz-marco
‎2018-09-07 12:22 AM

Hello

 

Recently our logs get spammed with "secd.authsys.lookup.failed" events on one of our nfs svms.

We can see that that an invalid UID is used but we can't see from which client.

How can we find the culprit, is this done by activating a security audit or is it hidden somewhere inside the logs?

 

Any tip would be appreciated.

 

Cheers

Marco

0 Kudos
View By:
Tags (3)
1 ACCEPTED SOLUTION

gfz-marco
‎2018-11-16 05:34 AM
In response to moep

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

View solution in original post

0 Kudos
3 REPLIES 3

gfz-marco
‎2018-09-18 04:53 AM

Since we get around 1500-2000 events per day, i've opened a case now.

Lets wait and see about the outcome...

0 Kudos

moep
‎2018-09-28 01:42 AM
In response to gfz-marco

I have seen similar events in the past and opened a case as well. NetApp is unable to identify the source because there is no logging of the client address. Also there is no auditing for NFSv3 access available. The log messages are completely useless this way. I complained about it, but as usual nobody cares at NetApp.

0 Kudos

gfz-marco
‎2018-11-16 05:34 AM
In response to moep

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

View solution in original post

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

View All
NetApp Insights to Action
I2A Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public