Skip to main content
NetApp Knowledge Base

DII ONTAP ZAPI data collector generates excessive audit log entries on ONTAP cluster

  1. Last updated
  2. Save as PDF
Views:
21
Visibility:
Public
Votes:
0
Category:
data-infrastructure-insights
Specialty:
oci
Last Updated:

Applies to

  • Data Infrastructure Insights (DII)
  • NetApp ONTAP Data Management Software data collector (ZAPI-based)
  • ONTAP 9.17.1 and later

Issue

After installing the Data Infrastructure Insights (DII)ONTAP data collector (ZAPI-based) on an ONTAP cluster,
the ONTAP audit log generates a high volume of entries attributed to the DII collector user account.
 
Symptoms include:
  • Tens of thousands of audit log entries per day (e.g., ~65,000/day) from the DII collector user
  • Audit log entries showing "Insufficient privileges:  user '<username>' does not have write access to this resource" for aggr-check-spare-low ZAPI
  • Audit log entries showing "authentication failed" from "unknown:unknown" for ZAPI calls, even when the DII collector login succeeds (HTTP 200)
  • Data collection in DII completes successfully with no errors reported in the DII console
  • Audit log signal-to-noise ratio is degraded, making it difficult to identify legitimate security events
Example audit log entries:
aggr-check-spare-low :: Error: Insufficient privileges:
user '<username>' does not have write access to this
resource
authentication failed from unknown:unknown
(ONTAPI/ZAPI call)

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.