ONTAP Discussions

Netapp Native fpolicy to monitor file access events and send email notifications.

san456
4,206 Views

Does netapp's Native Fpolicy have capability to send email notification when specific file access event occurs such as file deletion/creation/ownership change etc. I understand that Fpolicy events can be configured for various file operations. when such events occurs, can data ontap be configured to send email notification with the change.

 

 

1 ACCEPTED SOLUTION

Ontapforrum
4,120 Views

Hi,

 

I don't think NetApp natively supports sending email notifications for the "fpolicy file-operational events" such as  the ones you have mentioned. Email notifications can be sent for ONTAP Kernel based "EMS" events but I don't think that level of granularity is there.

 

ONTAP kernel based EMS system has a catalogue and each event's information can be viewed using event catalogue command.

 

If you want to know any EMS events that include fpolicy related alerts then you can use this command:
::> event catalog show -message-name fpolicy*

 

May be external fpolicy target such as 'Varonis' may have have this option in the their front-end GUI?

 

Thanks!

View solution in original post

3 REPLIES 3

Ontapforrum
4,121 Views

Hi,

 

I don't think NetApp natively supports sending email notifications for the "fpolicy file-operational events" such as  the ones you have mentioned. Email notifications can be sent for ONTAP Kernel based "EMS" events but I don't think that level of granularity is there.

 

ONTAP kernel based EMS system has a catalogue and each event's information can be viewed using event catalogue command.

 

If you want to know any EMS events that include fpolicy related alerts then you can use this command:
::> event catalog show -message-name fpolicy*

 

May be external fpolicy target such as 'Varonis' may have have this option in the their front-end GUI?

 

Thanks!

GidonMarcus
4,074 Views

Hi

 

Fpolicy does not write to the EMS. you can enable sectrace on the vserver and collect the failure:

sectrace filter create -index 1 -protocols cifs -trace-allow no -enabled enabled


clu02::*> sectrace trace-result show -result *fpoli* -fields path,client-ip,win-user
node vserver seqnum client-ip path win-user
------- ------- ------ ------------ ------------------------------------- --------
filer02 SVM02 0 192.168.0.14 /New folder/New Text Document (2).txt lab\g
filer02 SVM02 1 192.168.0.14 /New folder/New Text Document (2).txt lab\g
filer02 SVM02 2 192.168.0.14 /New folder/New Text Document (2).txt lab\g

 

 

Can maybe create a script to check the log via the ONTAP API every few min and send an email. that's the best option i can think of for now...

 

 

 

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK

san456
4,044 Views

Thank you.

Public