Software Development Kit (SDK) and API Discussions

fpolicy read/write only for NFS




I've set up fpolicy on my NetApp filer Release 7.0.5 Model FAS270 to screen for create,delete,rename,read,write. Then I start my fpolicy server on a remote host. After that 'fpolicy show' command gives the following output




File policy himpol (file screening) is enabled.


File screen servers              P/S Connect time (dd:hh:mm)  Reqs    Fails
----------------------------------------------------------------------------   \\LILY          Pri    00:00:01                 0        0


Operations monitored:
File create,File rename,File delete
Directory rename,Directory delete,Directory create
Above operations are monitored for NFS and CIFS


File read, File write
Above operations are monitored for NFS only


List of extensions to screen:


List of extensions not to screen:
Extensions-not-to-screen list is empty.


Number of files screened:   26
Number of screen failures:  4




My question is why read and write are monitored for NFS only? Shouldn't they be monitored for CIFS as well? Is there a dependency on the NetApp Release/Model number? I am using the latest Fpolicy sample server code(fpserver) example from the latest Fpolicy SDKv7.3.1.


Thanks in advance





Himanshu,  I suspect this is just bad syntax in the message and what it really means is that for NFS, the only things that are monitored with Fpolicy (at least in ONTAP 7.0.5) are file read and file write.  That is, operations like file create, file rename and directory delete are monitored for CIFS but not for NFS.   Changing to a newer version of ONTAP like 7.2.6 or might give you more Fpolicy options with NFS.

--John Kim


hmm, This is proble of your fpolicy server that r u using. above IC.3 and BR.0 u will not seen this issue


Dear all friends,

                      i am using ontap simulator 8.2.1 7-mode  firstly i tell u my aim .my aim is monitoring on cifs share . write a .txt  what change done on share file or folder .same as event logs. i want to also write to file security permission changes on shares files or folders. some suggest me fpolicy. i successfuly configure fpolicy and give a screen server but i dont know how we can retrieve information from screen server ip can anybody tell me how we can do this.


Mradul Singh