What network failure prevents Audit data from being sent to DII server?
- Views:
- 100
- Visibility:
- Public
- Votes:
- 0
- Category:
- data-infrastructure-insights
- Specialty:
- om
- Last Updated:
- 1/24/2025, 7:38:33 PM
Applies to
- Data Infrastructure Insights (DII, formerly Cloud Insights)
- Storage Workload Security (SWS)
- ONTAP 9
- Network failure between storage virtual machine (SVM) and Workload Security Agent host occurs
Answer
If there is a continuous network failure that meets the following conditions, audit data is lost instead of being sent to DII server:
- When SVM tries to send audit data, if there is no response from SWS data collector for 60 seconds, a timeout occurs.
- If there is no response within 5 retries, FPolicy connection between SVM and data collector is disconnected.
- In scenarios where a data collector is connected to more than one node for SVM audit data, the data collector will not trigger a disconnected state unless all nodes become disconnected. This can lead to missed audit data for any clients connected to the disconnected node. This will be improved in a future deployment.
Note: User Directory Collector is refreshed every 12 hours automatically
Additional Information
- This article is written based on
-server-progress-timeoutand-max-connection-retriesin parameters of vserver fpolicy policy external-engine create - Workload Security Data Collector does not recover automatically
- Configuring an LDAP Directory Server Collector
