Is it possible to forward native FPolicy events to a SIEM or Syslog server?
Applies to
- ONTAP 9
- Native FPolicy
Answer
- It is not possible to forward native FPolicy events to a Syslog or SIEM server. The FPolicy logging architecture is designed to send messages only to an actual FPolicy product, such as Varonis, or to native FPolicy on the vserver, not to any other external source.
- Native FPolicy configurations use the ONTAP native FPolicy engine to monitor and block file operations based on the file's extension.
- There is no logging available on ONTAP when a file operation is blocked based on file extension.
Additional Information
- External FPolicy servers provide solutions for use cases where more than file blocking based on file extension is needed.
- When to create a native FPolicy configuration
- When to create a configuration that uses external FPolicy servers
- What are the FPolicy partner solutions for ONTAP?