Big savings, Better ROI! Exclusive discounts on ManageEngine Products!* Boost your business *T&C apply
    Click here to shrink
    Click here to expand Click here to expand

    Configuring audit options

    On the Review Summary page of the Add Servers pop-up, you can configure your preferred audit options. Start by choosing your CIFS server type—in this case, Cluster Mode/Vserver.

    Configuring audit options

    Configure the settings below.

    Configuring the management IP and the account

    Provide the details below as discussed in the Prerequisites section:

    • Management IP
    • Username and password
    • Port number

    Configuring audit policies

    The audit policies required for effective NetApp cluster auditing can be configured either automatically or manually.

    Automatic audit policy configuration

    If you want to allow ADAudit Plus to configure the required audit settings automatically, select the NetApp Audit Options Enabled Automatically check box while adding the target NetApp server.

    When this option is enabled, ADAudit Plus will configure a default audit policy and the below parameters in the NetApp CIFS server:

    • Rotation Based On: Size
    • Maximum Log File Count: 10
    • Log File Size: 200MB
    • Log Path: Select either Create or Exist based on whether you want to provide a new aggregate name or an existing path with 3GB space as explained in the Prerequisites page. If you choose Create, a new volume named cifs_audit_log will be created and mounted on the /cifs_audit_log path. If you choose Exist, provide an existing path with a minimum of 3GB for log storage.

    Note For the Exist option, ensure that you provide the junction path and not the share path. For example, /root/logs/cifs is a valid path.>

    Configuring audit options

    If you wish to configure the audit policies manually, follow the directions in the next section.

    Manual audit policy configuration

    The target NetApp cluster devices can be accessed through an SSH or Telnet connection using the required cluster or Vserver administrative credentials.

    Use the command below to configure the audit settings for the respective CIFS servers:

    Vserver audit create -<Vserver_Name> -destination <Log_Destination_Path> -format <Log_Format_in_XML/evtx> -rotate-size <Log_File_Size_Limit_in_KB/MB/GB/TB/PB> -rotate-limit <Log_Files_Rotation_Limit>

    Configuring audit options

    Here, the parameters to be defined are:

    • <Vserver_Name>: The name of the Vserver that the audit configuration will be created on.
    • <Log_Destination_Path>: The audit log destination path where consolidated audit logs are stored. The command will fail if the path is not valid. The path can be up to 864 characters in length and must have read-write permissions.
    • <Log_Format_in_XML/evtx>: The output format of the audit logs. It can be either Data ONTAP-specific XML or Microsoft Windows EVTX log format.
    • <Log_File_Size_Limit_in_KB/MB/GB/TB/PB>: The audit log file size limit, represented as an integer, along with the unit (e.g., 200MB).
    • <Log_Files_Rotation_Limit>: The audit log files rotation limit. A value of “0” indicates that all the log files are retained, and a value of “5” indicates that the last five audit logs are retained.

    Example: Vserver audit create -Vserver vs1 -destination /cifs_audit_log -format evtx -rotate-size 200MB -rotate-limit 10

    1. When you enable an audit policy in the NetApp CIFS server through the product console or manually, the Audit-Guarantee setting in the NetApp server is set to True. This setting prevents users from performing NetApp file operations when events aren’t being logged, which can happen due to insufficient disk space (learn more here). To continue to perform file operations, you can set Audit-Guarantee=False in the NetApp server. However, if you do this, file operations will not get logged.
    2. We recommend disabling the snapshot policy in the volume where audit logs will be stored.

    Configuring SACLs in the shares

    System access-control lists (SACLs) decide which files and folders will be audited and ensure that the system generates audit events when files are accessed. The required SACLs for NetApp CMode CIFS auditing can be configured either automatically or manually.

    Automatic SACL configuration

    If you want ADAudit Plus to auto-configure the required SACLs in the target cluster shares, ensure that the Necessary object level auditing will be set on selected shares check box is selected. Click OK.

    Configuring audit options

    If you wish to configure SACLs manually, deselect the Necessary object level auditing will be set on selected shares check box and proceed to the next step.

    Manual SACL configuration

    For steps to manually configure object-level auditing in your NetApp cluster servers, refer to this page.


    a. Bad username or password

    Configuring audit options

    Check whether the provided username and password are correct.

    b. Unable to connect to the NetApp Server through mentioned port and protocol

    Configuring audit options

    Perform these checks:

    1. Check if the management IP is correct and that you have selected the correct management IP type (i.e., either cluster or Vserver management IP).
    2. Ensure that the credentials entered belong to the provided management IP and are correct.
      Note: To check the items above, use a PuTTy or SSH client and connect to the provided NetApp management IP with the credentials. You should be able to log in without any errors.
    3. Ensure that the port number and protocol (HTTP/HTTPS) for the web console are correct.

    Try connecting to the NetApp OnCommand center with the provided port and protocol. You should be able to access the web console.

    c. Unable to find API: volume create (errno-13005)

    Configuring audit options

    This error occurs when the configured user does not have sufficient permission to execute certain operations on the NetApp server. Refer to the image below for the required roles and permissions.

    Configuring audit options

    d. Aggregate does not exist (errno-14420)

    Configuring audit options

    Check whether the aggregate name (provided for storing audit logs) is valid and has storage provisions for the configured CIFS Vserver.

    e. The specified path does not exist in the namespace (errno-13001)

    Configuring audit options

    Check whether the junction path provided for the log path is valid and mounted and that it belongs to the configured CIFS Vserver.

    Don't see what you're looking for?


      Visit our community

      Post your questions in the forum.


      Request additional resources

      Send us your requirements.


      Need implementation assistance?

      Try onboarding


    On this page

    Get download link