ONTAP Discussions

NetApp Log Auditing

InterNetworkingAG
2,757 Views

Hi there,

 

We are facing an issue with our auditing tool. We have an service which is listening has a connection to our NetApp for auditing purpose. As long as we have this service running and the connection is up we get all log messages from the NetApp. This is our connection string: vserver fpolicy engine-connect -vserver *** -policy-name *** -node *** -server ***

 

But sometimes this service or the server itself need an restart and we would like to buffer the logs.

Is there a possibility to buffer the cifs logs on the NetApp or is there a recommended way to do it?

 

Thanks for the feedback and regards

Pascal

 

1 ACCEPTED SOLUTION

GidonMarcus
2,697 Views

Hi

 

You should be able to use the following setting to retain message longer

 

[-resiliency-max-retention-duration <[<integer>h][<integer>m][<integer>s]>] - Maximum Notification Retention DurationThis parameter specifies the duration for which the notifications are written to files inside the storage controller during network outage. The value for this field must be between 0s and 600s. By default, it is set to 180s.

 

from

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/vserver__fpolicy__policy__external-engine__modify.html 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/vserver__fpolicy__policy__external-engine__modify.html

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

View solution in original post

4 REPLIES 4

GidonMarcus
2,698 Views

Hi

 

You should be able to use the following setting to retain message longer

 

[-resiliency-max-retention-duration <[<integer>h][<integer>m][<integer>s]>] - Maximum Notification Retention DurationThis parameter specifies the duration for which the notifications are written to files inside the storage controller during network outage. The value for this field must be between 0s and 600s. By default, it is set to 180s.

 

from

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/vserver__fpolicy__policy__external-engine__modify.html 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/vserver__fpolicy__policy__external-engine__modify.html

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

InterNetworkingAG
2,570 Views

Thanks a lot.

 

Sorry for the late reply i was on vacations.

InterNetworkingAG
2,521 Views

A got a follow up question.

 

Even with a 10 minutes buffering from NetApp it could be difficult to gather all auditing logs and we are afraid to loose some logs. How do you solve it? With a backup or write it to a local file? What could be the options for that?

 

Regards

Pascal

Mjizzini
2,505 Views

I would recommend connecting one more Fpolicy servers. I will carry the load when needed as well as will be the backup for the primary server.

 

Public