vserver security trace filter create

Create a security trace entry

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver security trace filter create command creates a security trace filter entry. This feature is currently supported for CIFS only and not supported for NFS.

The vserver security trace filter create command is not supported for Vservers with Infinite Volume.

Parameters

-vserver <vserver name> - Vserver
This specifies the name of the Vserver on which the permission trace is applied.
-index <integer> - Filter Index
This specifies the index number you want to assign to the trace filter. A maximum of 10 entries can be created. The allowed values for this parameter are 1 through 10.
[-client-ip <IP Address>] - Client IP Address to Match
This specifies the IP Address from which the user is accessing the Vserver.
[-path <TextNoCase>] - Path
This specifies the path to which permission tracing is applied. The value can be the complete path, starting from the root of the share for CIFS or the root of the volume for NFS that the client is accessing, or the value can be a part of the path that the client is accessing. Use NFS style directory separators in the path value.
{ [-windows-name <TextNoCase>] - Windows User Name
This specifies the Windows user name to trace. You can use any of the following formats when specifying the value for this parameter:
  • user_name
  • domain\user_name
| [-unix-name <TextNoCase>]} - UNIX User Name
This specifies the Unix user name to trace.
[-trace-allow {yes|no}] - Trace Allow Events
Security tracing can trace deny events and allow events. Deny event tracing is always ON by default. Allow events can optionally be traced. If set to yes, this option allows tracing of allow events. If set to no, allow events are not traced.
[-enabled {enabled|disabled}] - Filter Enabled
This specifies whether to enable or disable the filter. Filters are enabled by default.
[-time-enabled <integer>] - Minutes Filter is Enabled
This specifies a timeout for this filter, after which it is disabled.

Examples

The following example creates a security trace filter.

cluster1::> vserver security trace filter create -vserver vs0 -index 1 -time-enabled 120 -client-ip 10.72.205.207

The following examples create filters that include the -path option. If the client is accessing a file with the path \\server\sharename\dir1\dir2\dir3\file.txt, a complete path starting from the root of the share or a partial path can be given as shown:

cluster1::> vserver security trace filter create -vserver vs0 -index 1 -path /dir1/dir2/dir3/file.txt
cluster1::> vserver security trace filter create -vserver vs0 -index 1 -path dir3/file.txt