Automatic Configuration of Audit Policy and SACLs for NetApp Cluster

Configure audit settings required for NetApp Cluster in ADAudit Plus.

  1. Login into ADAudit Plus.

  2. Click on "File Audit" → "NetApp Server".

  3. Click on 'Add NetApp Server(s)' select the Server(s) that requires audit (This will list all the Server in the Domain in a Pop-up).

  4. Select a Server and click on 'Get Shares'.

  5. Select the File Shares in the Server and click on 'Next' (The below configuration box will be displayed).

    1. 'Apply default audit settings'- On selecting this option, these NetApp audit prerequisites will be configured automatically.

    2. Automatically enable Necessary audit Permissions (SACLs) on selected shares.

  6. You can skip the automatic configuration by not selecting the check boxes. Click Here to manually configure the Audit Policy and SACLs.

Management IP
Cluster | CIFS Vserver

Enter the management IP (Cluster / CIFS Vserver) for ONTAP SDK API communication

Username

Provide the administrative account credential for ONTAP SDK API communication

Password

Type Password for the entered NetApp username

Port No

Default port : 443 (Https) 80 (Http). Change if you are running NetApp cluster in a different port.

Apply Default Audit Settings Option

When the apply default audit settings option is selected, the below audit settings will be applied for the selected CIFS Server:

  • Rotation Based On: Size
  • Log File Count: 10 (Maximum number of log files maintained)
  • Log File Size: 200MB (Each log file size)
  • Log Path:
    1. Create Log Path: Volume 'cifs_audit_log' will be created with 3GB space and mounted on '/cifs_audit_log' path
    2. Use Existing Log Path: Existing path which has at least 3GB free space
  • Aggregate Name: Aggregate name for creating volume 'cifs_audit_log' - with 3GB free space (When 'Create Log Path' is selected)

When Not Selecting the 'Apply Default Audit Settings' Option

If the above default audit configuration does not meet your enterprise requirements, you can skip the automatic configuration by not selecting the check box. Click Here to manually configure the Audit Policy and SACLs.

SACL

Enabling auditing through SACL, allows to generate a record when an access attempt fails or success or both in the security log for each file share.

  • We recommend the snapshot policy be disabled for the volume where logs will be stored.
  • When you enable audit policy in the NetApp CIFS server through the product console or manually, the Audit-Guarantee setting in the NetApp server is set to True. This setting denies NetApp file operations in case events cannot be logged, which can happen because of insufficient disk space (to know more click here). To continue to perform file operations, you can set Audit-Guarantee=False in the NetApp server. However, if you do this, file operations will not get logged.
Copyright © 2022, ZOHO Corp. All Rights Reserved.
ManageEngine
Get download link