This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CG Collect NetAPP Audit log

HI All

     I create a audit volume for netapp audit use

002.png

then I reference CG admin guide to set /etc/fstab (I find the document add colon......it spent I much time to check why I could not mount it)

//192.168.1.81/nsroot/audit /mnt/audit cifs ro,nouser,noexec,nosuid,credentials=/usr/netiq/vsau/etc/cifs 0 0

then I create a file on /usr/netiq/vsau/etc

the content like below

192.168.1.81,/nsroot/audit,/mnt/audit,audit

then I restart  /etc/init.d/vigilentagent to apply security agent

then apply CG's Netapp Policy like below

010.png

then I try to add file then modify file content to audit volume...

but no event to been generated....

Who has connect NetAPP's audit success experience ??

 

Thanks!!

 

Wencheng

Tags:

Parents
  • 0  

    then I create a file on /usr/netiq/vsau/etc

    the content like below

    192.168.1.81,/nsroot/audit,/mnt/audit,audit


    since the audit log is in /audit we need to give it like this
    192.168.1.81,/audit,/mnt/audit,audit

    if this still does not work please CG-netapp log from this location in the agent box
    /usr/netiq/vsau/local/tmp/NetAppObject__singleton.err

  • 0 in reply to   

    HI  

          Did you had tested NetAPP module and work fine ??

    Could you provide your /etc/fstab and /usr/netiq/vsau/etc/<NetAPP Configure file> let me refer to ??

     

    Wencheng

Reply
  • 0 in reply to   

    HI  

          Did you had tested NetAPP module and work fine ??

    Could you provide your /etc/fstab and /usr/netiq/vsau/etc/<NetAPP Configure file> let me refer to ??

     

    Wencheng

Children
  • Verified Answer

    0 in reply to 

    Hi

      when you testing....the document has 1 error about /etc/fstab....it add a colon symbol...it is not need.

    another document is need another setting...when you enable netapp audit (to generate XML file)...the audit file like windows GPO enable auditing...but you still "need" set volumd/folder that you want to audit security setting (like windows file auditing setting)...if you do not do this setting...this audit will not record any file operation event.

     

    Share for all.

     

    Wencheng