Displaying security trace results

You can display the security trace results generated for file operations that match security trace filters. You can use the results to validate your file access security configuration or to troubleshoot SMB and NFS file access issues.

Before you begin

An enabled security trace filter must exist and operations must have been performed from an SMB or NFS client that matches the security trace filter to generate security trace results.

About this task

You can display a summary of all security trace results, or you can customize what information is displayed in the output by specifying optional parameters. This can be helpful when the security trace results contain a large number of records.

If you do not specify any of the optional parameters, the following is displayed:

You can customize the output by using optional parameters. Some of the optional parameters that you can use to narrow the results returned in the command output include the following:

Optional parameter Description
-fields field_name, ... Displays output on the fields you choose. You can use this parameter either alone or in combination with other optional parameters.
-instance Displays detailed information about security trace events. Use this parameter with other optional parameters to display detailed information about specific filter results.
-node node_name Displays information only about events on the specified node.
-vserver vserver_name Displays information only about events on the specified SVM.
-index integer Displays information about the events that occurred as a result of the filter corresponding to the specified index number.
-client-ip IP_address Displays information about the events that occurred as a result of file access from the specified client IP address.
-path path Displays information about the events that occurred as a result of file access to the specified path.
-user-name user_name Displays information about the events that occurred as a result of file access by the specified Windows or UNIX user.
-security-style security_style Displays information about the events that occurred on file systems with the specified security style.

See the man page for information about other optional parameters that you can use with the command.

Step

  1. Display security trace filter results by using the vserver security trace trace-result show command.
    Example
    vserver security trace trace-result show -user-name domain\user
    Vserver: vs1
    
         Node     Index   Filter Details          Reason
         -------- ------- ---------------------   -----------------------------
         node1    3       User:domain\user        Access denied by explicit ACE
                          Security Style:mixed
                          Path:/dir1/dir2/
    
         node1    5       User:domain\user        Access denied by explicit ACE
                          Security Style:unix
                          Path:/dir1/