ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

NFS AUDIT LOG ENABLING

Netapp_maniac
‎2021-06-04 07:52 AM
8,309 Views

Hello Folks ,

 

Can someone guide how to enable audit logs for CIFS shares  on Ontap CVO ?

Do it has to be NFS/CIFS audit enabling ? It is different for NFS and CIFS ?

 

 

Thanks in Advance !

 

View By:
1 ACCEPTED SOLUTION

Fabian1993
‎2021-06-07 03:44 AM
In response to Netapp_maniac
8,206 Views

Depends on the System that you want to use to viewing the logs..

 

You can mount the volume to look into the logfiles..

View solution in original post

0 Kudos
12 REPLIES 12

Fabian1993
‎2021-06-06 01:18 AM
8,239 Views

Hey Dude,

 

the Guide what you are looking for is this: https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html , but are you using CVO Service or the fully CVO?

Netapp_maniac
‎2021-06-07 02:55 AM
In response to Fabian1993
8,210 Views

Could you please help me understand what will be the unix path name as per below command :

 

vserver audit create -vserver <vserver> -destination <unix path> -rotate-size <size>

 

Thanks !!

0 Kudos

Fabian1993
‎2021-06-07 03:08 AM
In response to Netapp_maniac
8,209 Views

You have to create a volume for the log. Than you have to mount the Volume under junction path.

Example for the Command

vserver audit create -vserver vs1 -destination /audit_log

 

 

Tags (1)

Netapp_maniac
‎2021-06-07 03:40 AM
In response to Fabian1993
8,205 Views

Volume security style has to be NTFS OR UNIX ?

So will the logs be available in windows/unix machine when the volume is mounted to it ?

 

Thanks !!

0 Kudos

Fabian1993
‎2021-06-07 03:44 AM
In response to Netapp_maniac
8,207 Views

Depends on the System that you want to use to viewing the logs..

 

You can mount the volume to look into the logfiles..

0 Kudos

Netapp_maniac
‎2021-06-14 05:01 AM
In response to Fabian1993
8,090 Views

Thank you ! This has helped me 🙂

0 Kudos

Netapp_maniac
‎2021-07-01 05:26 AM
In response to Fabian1993
8,003 Views

How can i view logs from unix machine using windows event viewer ?

0 Kudos

FelixZhou
‎2021-07-01 08:24 AM
In response to Netapp_maniac
7,993 Views

you have to install NFS client for Windows to review any NFS export.

0 Kudos

FelixZhou
‎2021-07-01 08:21 AM
7,994 Views

CIFS/NFS auditing is not enabled by default, you have to enable it on each SVM, as best practice, redirect the audit log to a different small volume, set up log size and rotation.  for CIFS, you can use Window evnetviewer to trace the logs.

For detailed audit request, third party auditing application is required since by native, either NetApp or windows doesn't have enough function/convince to audit CIFS shares.

Netapp_maniac
‎2021-07-06 04:22 AM
In response to FelixZhou
7,910 Views

I have an issue here , when enabled audit log for ntfs clients . I am able to access share(\auditlog) from client machine but unable to view from the logs from eventviewer. when i am trying to open , it says "A device attached to the system is not functioning "

 

Thanks in advance 

0 Kudos

Reverett
NetApp
‎2021-07-19 03:55 PM
7,683 Views

Hello,

 

The below kb document has great step by step instructions as well as examples for what different types of audits would look like:

 

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_enable_auditing_of_NFS_events_on_clustered_Data_ONTAP

 

 

Sgoyal696
‎2022-09-02 12:33 AM
5,915 Views

@Netapp_maniac  @Reverett  @FelixZhou  @Fabian1993 

How to access this event log using PowerShell scriot to find user infor , who accessed a share.

My task is i have to find who accessedd a share and when.

0 Kudos
All Community Forums
Public