Manual Configuration of Audit Policy and SACLs for NetApp Filers

Configuring the Audit Policy

  1. Basic Configuration Commands

  2. Configuring CIFS Auditing

Configuring the SACLs for NetApp Shares

  1. SACL Configuration

Configuring Audit Policy

The NetApp Filer command prompt is accessible through SSH/Telnet connection (Verify your NetApp Filer settings), or via the web interface. To access it via the web interface, open NetApp Filer GUI, and navigate to FilerView > Filer > Use Command Line:


Perform the basic configuration commands

  • To get an option value:

    • options < option_name >

  • To set an option value:

    • options < option_name > < option_value >

For example, to enable the cifs.audit.enable option, execute the following command
options cifs.audit.enable on


Note: For a full list of commands along with their desccriptions, please refer to NetApp reference document.


Configuring CIFS Auditing

Certain pre-requisites for the audit options have to be enabled to generate the file audit events and automatically capture the events as EVT files.

options cifs.audit.account_mgmt_events.enable off

options cifs.audit.logon_evetns.enable off

options cifs.audit.liveview.enable off

options cifs.audit.enable on

options cifs.audit.file_access_events.enable on

options cifs.audit.autosave.file.extension timestamp

options cifs.audit.autosave.file.limit 10

options cifs.audit.autosave.onsize.enable on

options cifs.audit.autosave.onsize.threshold 100%

options cifs.audit.autosave.ontime.enable off

options cifs.audit.logsize 268435456

Also, you must disable the cifs.audit.liveview.enable option, since it interferes with the ADAudit Plus's processing the audit data.

Copyright © 2018, ZOHO Corp. All Rights Reserved.
ManageEngine