This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

CG Collect NetAPP Audit log

HI All

     I create a audit volume for netapp audit use

002.png

then I reference CG admin guide to set /etc/fstab (I find the document add colon......it spent I much time to check why I could not mount it)

//192.168.1.81/nsroot/audit /mnt/audit cifs ro,nouser,noexec,nosuid,credentials=/usr/netiq/vsau/etc/cifs 0 0

then I create a file on /usr/netiq/vsau/etc

the content like below

192.168.1.81,/nsroot/audit,/mnt/audit,audit

then I restart  /etc/init.d/vigilentagent to apply security agent

then apply CG's Netapp Policy like below

010.png

then I try to add file then modify file content to audit volume...

but no event to been generated....

Who has connect NetAPP's audit success experience ??

 

Thanks!!

 

Wencheng

Tags:

  • Verified Answer

    0 in reply to 

    Hi

      when you testing....the document has 1 error about /etc/fstab....it add a colon symbol...it is not need.

    another document is need another setting...when you enable netapp audit (to generate XML file)...the audit file like windows GPO enable auditing...but you still "need" set volumd/folder that you want to audit security setting (like windows file auditing setting)...if you do not do this setting...this audit will not record any file operation event.

     

    Share for all.

     

    Wencheng