Solved: SLAG (Storage Level Access Guard) & ONTAP 9

parkea2 · ‎2017-06-08

Just a quick question I hope. I am migrating an older ONTAP 8.2 (7-mode) filer. I believe it had SLAG enabled on a UNIX volume primarily to enable CIFS auditing.

This SLAG setup may have been present when the filer was initially at 7.x levels, but that is a guess and before my time.

I suspect that at ONTAP 9.x SLAG is not required for auditing. When I searched the CIFS and NFS Auditing guide for SLAG I found no references to SLAG.

So am I correct in believing that SLAG is nolonger required for UNIX (NFS) auditing because of the nfsv4 acls be available now ?

I would ideally like to simplify the auditing and remove the SLAG if its not needed for enabling auditing anymore.

Rgds AndyP

NAYABSK · ‎2017-06-10

Yes that's right

View solution in original post

NAYABSK · ‎2017-06-09

Hi,

Thank you for contacting NetApp communities, yes you are right SLAG is no longer needed NFS auditing.

Please check the documentation for more information :- http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-032F05F4-C33B-43A8-A694-3E1A5A3DCDF4.html

Thanks,

Nayab

parkea2 · ‎2017-06-09

Thanks for the response, it confirms what I thought I was reading in the guides. I have been unpicking an old filer and trying to

make sense of the configuration.

Just for clarity can you confirm in the new environment ONTAP 9.1 P1 the volume is : /vol/volname security = UNIX

it is exposed to clients via NFS exports And CIFS Shares.

So if I add suitable NFSv4 ACL to the volume. I should get audit events when the share is access from either

NFS or CIFS protocals. Is that correct ?

Rgds AndyP

NAYABSK · ‎2017-06-10

Yes that's right