Fpolicy server is not logging events because scope only includes ransomware file extensions
Applies to
- ONTAP 9
- Fpolicy
- Varonis
Issue
- When file
foobar.txtis created on the file system, the creation event is not logged on the Fpolicy server - Packet trace shows that ONTAP did not send the creation event to the Fpolicy server
fpolicy policy eventis configured to auditcreatefile-operations-
::*> fpolicy policy event show -fields file-operations (vserver fpolicy policy event show) vserver event-name file-operations --------- ---------- ------------------------ svm1 event1 create
-
-
fpolicy policy scopeis configured to audit ransomware file-extensions-
::*> fpolicy policy scope show -fields file-extensions-to-include (vserver fpolicy policy scope show) vserver policy-name file-extensions-to-include --------- ----------- -------------------------- svm1 policy1 bad, notgood, evil, malware
-