
FAQ: FPolicy: Auditing

Category: data-ontap-8
Specialty: cifs

Applies to

Answer

Overview:

FPolicy Auditing is a software-based solution for data-usage management. With it, organizations can see, understand, and manage who is using data to control data access and enforce compliance with data-usage policies. Auditing assists in addressing the growing need for regulating data usage within organizations, enabling full visibility and accountability of data usage for legal, financial, data-security, intellectual-property, and data-privacy purposes. Although this can be done natively on the controller

Configuration:

See the links in the Related Links section for instructions for your specific software.

The following table shows which events are supported for each protocol:

| NFSv3 | NFSv4 | CIFS |
|---|---|---|
| create | close | close |
| create_dir | create | create |
| delete | create_dir | create_dir |
| delete_dir | delete | delete |
| link | delete_dir | delete_dir |
| lookup | getattr | getattr |
| read | link | open |
| write | lookup | read |
| rename | open | write |
| rename_dir | read | rename |
| setattr | write | rename_dir |
| symlink | rename | setattr |
| | rename_dir | |
| | setattr | |
| | symlink | |

*Note: Prior to ONTAP 9.2, the first_read and first_write filters are recommended only for CIFS workloads, because auditing NFS reads/writes prior to ONTAP 9.2 could result in performance issues. From ONTAP 9.2 onward, the first_read and first_write filters can be used with both CIFS and NFS; see RFE:858682 for more details.
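An added example (not NetApp code and not part of the original article): a small planning check that takes the events an audit requirement needs and reports, per protocol, which ones FPolicy cannot deliver according to the table above, plus the pre-9.2 NFS read/write caution from the note and the NFSv4.1 limitation listed under Additional Information. The function names, finding labels and sample input are assumptions made for illustration.

```python
import re

# Events FPolicy supports per protocol, copied from the table on this page.
COMMON = {"create", "create_dir", "delete", "delete_dir", "read", "write",
          "rename", "rename_dir", "setattr"}
SUPPORTED = {
    "NFSv3": COMMON | {"link", "lookup", "symlink"},
    "NFSv4": COMMON | {"close", "getattr", "link", "lookup", "open", "symlink"},
    "CIFS": COMMON | {"close", "getattr", "open"},
}
NFS_FILTER_MIN = (9, 2)    # first_read/first_write usable with NFS from ONTAP 9.2
NO_FPOLICY = {"NFSv4.1"}   # bug 1225695 listed on this page

def parse_version(text):
    """'9.1P3' -> (9, 1); only major.minor matter for this check."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised ONTAP version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def audit_gaps(required, protocols, ontap_version, filters=()):
    """Return {protocol: [(kind, detail), ...]} for each blind spot or caution."""
    version = parse_version(ontap_version)
    required, filters = set(required), set(filters)
    report = {}
    for proto in protocols:
        findings = []
        if proto in NO_FPOLICY:
            findings.append(("no-fpolicy-support", proto))
        elif proto not in SUPPORTED:
            findings.append(("unknown-protocol", proto))
        else:
            for event in sorted(required - SUPPORTED[proto]):
                findings.append(("unsupported-event", event))
            nfs_rw = proto.startswith("NFS") and (
                required & {"read", "write"} or filters & {"first_read", "first_write"})
            if nfs_rw and version < NFS_FILTER_MIN:
                findings.append(("nfs-read-write-perf-risk", ontap_version))
        if findings:
            report[proto] = findings
    return report

if __name__ == "__main__":
    # Constructed sample: mixed-protocol access on ONTAP 9.1.
    wanted = {"open", "read", "delete", "rename", "symlink"}
    protos = ["NFSv3", "NFSv4", "NFSv4.1", "CIFS"]
    for proto, items in audit_gaps(wanted, protos, "9.1", filters=["first_read"]).items():
        print(proto, items)
```

A protocol that does not appear in the returned report has no gap for the requested events; anything reported as unsupported is activity the audit trail will not contain for clients using that protocol.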

Troubleshooting:

Disable the policy to verify if something outside of FPolicy is causing the issue. If the policy is new or recently modified, verify the configuration of the policy using TR-4429.

Useful commands/logs:
  • fpolicy policy show
  • fpolicy policy scope show
  • fpolicy policy event show
  • fpolicy policy external-engine show
  • fpolicy show-engine
  • /etc/log/ems
  • /etc/log/mlog/fpolicy.log*
  • /etc/log/mlog/mgwd.log*
  • Packet trace collected during the issue on the port used to communicate with the FPolicy server
  • AutoSupport sections
    • Full AutoSupports (weekly and manual)
      • fpolicy policy show = FPOLICY-POLICY-STATUS.XML
      • fpolicy policy scope show = FPOLICY-SCOPE.XML
      • fpolicy policy event show = FPOLICY-EVENT.XML
      • fpolicy policy external-engine show = FPOLICY-EXT-ENGINE.XML
      • fpolicy show-engine = FPOLICY-SERVER-STATUS.XML
    • Daily management and manual AutoSupports
      • /etc/log/mlog/fpolicy.log* = FPOLICY-MLOG-TXT.GZ

Additional Information

  • TR-4429: FPolicy Solution Guide for Clustered Data ONTAP: Varonis DatAdvantage
  • TR-4473: FPolicy Solution Guide for Clustered Data ONTAP: Veritas Data Insight
  • TR-4696: FPolicy Solution Guide for Clustered Data ONTAP: STEALTHbits File Activity Monitor
  • Netwrix (Note: external site, not NetApp documentation)
  • 1225695: FPolicy has no support for NFSv4.1

 

 

 
