Modify a security trace entry
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The
vserver security trace filter modify command modifies a security trace filter entry. This feature is currently supported for CIFS only and not supported for NFS.
The vserver security trace filter modify command is not supported for Vservers with Infinite Volume.
Parameters
- -vserver <vserver name> - Vserver
- This specifies the name of the Vserver on which the permission trace is applied.
- -index <integer> - Filter Index
- This specifies the index number for the filter. A maximum of 10 entries can be created. The allowed values for this parameter are 1 through 10.
- [-client-ip <IP Address>] - Client IP Address to Match
- This specifies the IP Address from which the user is accessing the Vserver.
- [-path <TextNoCase>] - Path
- This specifies the path to which permission tracing is applied. The value can be the complete path, starting from the root of the share for CIFS or the root of the volume for NFS that the client is accessing, or the value can be a part of the path that the client is accessing. Use NFS style directory separators in the path value.
- { [-windows-name <TextNoCase>] - Windows User Name
- This specifies the Windows user name to trace. You can use any of the following formats when specifying the value for this parameter:
- user_name
- domain\user_name
- | [-unix-name <TextNoCase>]} - UNIX User Name
- This specifies the Unix user name to trace.
- [-trace-allow {yes|no}] - Trace Allow Events
- Security tracing can trace deny events and allow events. Deny event tracing is always ON by default. Allow events can optionally be traced. If set to yes, this option allows tracing of allow events. If set to no, allow events are not traced.
- [-enabled {enabled|disabled}] - Filter Enabled
- This specifies whether to enable or disable the filter. Filters are enabled by default.
- [-time-enabled <integer>] - Minutes Filter is Enabled
- This specifies a timeout for this filter, after which it is disabled.
Examples
The following example modifies a security trace filter.
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -time-enabled 120 -client-ip 10.72.205.207
The following examples modify filters that include the -path option. If the client is accessing a file with the path \\server\sharename\dir1\dir2\dir3\file.txt, a complete path starting from the root of the share or a partial path can be given as shown:
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -path /dir1/dir2/dir3/file.txt
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -path dir3/file.txt