The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

Log spammed with "secd.authsys.lookup.failed"

gfz-marco

Hello

 

Recently our logs get spammed with "secd.authsys.lookup.failed" events on one of our nfs svms.

We can see that that an invalid UID is used but we can't see from which client.

How can we find the culprit, is this done by activating a security audit or is it hidden somewhere inside the logs?

 

Any tip would be appreciated.

 

Cheers

Marco

1 ACCEPTED SOLUTION

gfz-marco

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

View solution in original post

3 REPLIES 3

gfz-marco

Since we get around 1500-2000 events per day, i've opened a case now.

Lets wait and see about the outcome...

moep

I have seen similar events in the past and opened a case as well. NetApp is unable to identify the source because there is no logging of the client address. Also there is no auditing for NFSv3 access available. The log messages are completely useless this way. I complained about it, but as usual nobody cares at NetApp.

gfz-marco

After working for many days on this case with a netapp supporter, we could not find an "easy" way to identify these uids but i was presented with a workaround.

This involves a tcpdump on a node and filtering through the tracefile with wireshark.

Not really what i was looking for but this works for now and the supporter even created a feature request from our findings.

We'll see how that comes out...

 

I would say that they care at netapp, but it involves work on both sides.

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public