Logging of which users access a NFS share possible?

USER_2000 · ‎2014-10-22

Can I find out, which Unix users or user ids are accessing a exported filesystem? If yes, how would I configure that and where would I find the logged informationen?

I run NetApp Release 8.1.3 7-Mode.

Thank you,

Andreas

ekashpureff · ‎2014-10-22

Andreas -

Yes, you should be able to.

I haven't done, but the docs say it can be done.

See the topic 'Auditing system access events' under 'File sharing between NFS and CIFS' in the 'File Access and Protocols Management Guide' NetApp documentation.

I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)

YIshikawa · ‎2014-10-22

Adding to Eugene's post, check "Configuring Data ONTAP for NFS auditing".

https://library.netapp.com/ecmdocs/ECMP1114231/html/GUID-13964A29-AA63-414C-9C1A-CD7B773D096B.html

USER_2000 · ‎2014-10-22

I did the following:

Created a SACL for "Authenticated Users", logging all events.

Entered the following commands:

options cifs.audit.nfs.enable on
options cifs.audit.file_access_events.enable on
options cifs.audit.enable on
cifs audit save

Then I loaded the log file in Event Viewer. Basically I can see the information I want now, but there are just too many events created for the info to be usefull. Everytime I save the events after a couple of minutes

and look at the result in Event Viewer, the last event tells me, that 500000 or so events have been discarded due to lack of resources.

Ideally, the report should only show each user once and the logging should run for several days, so I can find out, which users are accesing the filer via NFS. Can this be achieved?