ONTAP Discussions

NetApp Log Auditing

InterNetworkingAG
3,158 Views

Hi there,

 

We are facing an issue with our auditing tool. We have a service which is listening and has a connection to our NetApp for auditing purposes. As long as we have this service running and the connection is up, we get all log messages from the NetApp. This is our connection string: vserver fpolicy engine-connect -vserver *** -policy-name *** -node *** -server ***

 

But sometimes this service or the server itself needs a restart and we would like to buffer the logs.

Is there a possibility to buffer the CIFS logs on the NetApp or is there a recommended way to do it?

 

Thanks for the feedback and regards

Pascal

 

1 ACCEPTED SOLUTION
tahmad has accepted the solution

GidonMarcus
3,098 Views

Hi

 

You should be able to use the following setting to retain messages longer

 

[-resiliency-max-retention-duration <[<integer>h][<integer>m][<integer>s]>] - Maximum Notification Retention Duration

This parameter specifies the duration for which the notifications are written to files inside the storage controller during network outage. The value for this field must be between 0s and 600s. By default, it is set to 180s.

 

from

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/vserver__fpolicy__policy__external-engine__modify.html 


Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK


4 REPLIES 4
InterNetworkingAG
2,971 Views

Thanks a lot.

 

Sorry for the late reply, I was on vacation.

InterNetworkingAG
2,922 Views

I've got a follow-up question.

 

Even with a 10-minute buffering from NetApp it could be difficult to gather all auditing logs and we are afraid to lose some logs. How do you solve it? With a backup or write it to a local file? What could be the options for that?

 

Regards

Pascal

Mjizzini
2,906 Views

I would recommend connecting one more FPolicy server. It will carry the load when needed and will also be the backup for the primary server.
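
The two suggestions in this thread (a longer notification retention window and an additional FPolicy server) can be set on the same external engine. The following is an added example, not taken from any post above; every value in angle brackets is a placeholder to replace with your own SVM, engine name, directory path and server address, and 600s is the documented maximum for the retention duration.

```text
vserver fpolicy policy external-engine modify -vserver <svm_name> -engine-name <engine_name> -is-resiliency-enabled true -resiliency-directory-path <directory_path_in_svm_namespace> -resiliency-max-retention-duration 600s -secondary-servers <secondary_fpolicy_server_ip>

vserver fpolicy policy external-engine show -vserver <svm_name> -engine-name <engine_name> -instance

vserver fpolicy show-engine -vserver <svm_name>
```

The first `show` command confirms the stored resiliency settings, and `show-engine` lists the connection state of each FPolicy server so you can check that both the primary and the secondary are connected before planning a restart of the audit service.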

 
