vserver fpolicy policy event create

Create an event

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver fpolicy policy event create command creates an FPolicy event. An event describes what to monitor. An event can contain protocol, file operations, filters, and volume operation event types. In the FPolicy configuration, an event is attached to an FPolicy policy. You can attach the same event to one or more policies.
Note: This command is not supported for a Vserver with Infinite Volume.
Note: Three parameters have dependency rules: -protocol, -files-operations and -filters. The following combinations are supported:
  • Both -protocol and -file-operations
  • All of -protocol, -file-operations and -filters
  • Specify none of three

Parameters

-vserver <Vserver Name> - Vserver
This parameter specifies the name of the Vserver on which you want to create an FPolicy event.
-event-name <Event name> - Event
This parameter specifies the name of the FPolicy event that you want to create. An event name can be up to 256 characters long. An event name value is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_" and ".".
[-protocol <Protocol>] - Protocol
This parameter specifies the protocol name for which the event will be created. By default, no protocol is selected. The value of this parameter must be one of the following:
  • cifs - This specifies that the event is for the CIFS protocol.
  • nfsv3 - This specifies that the event is for the NFSv3 protocol.
  • nfsv4 - This specifies that the event is for the NFSv4 protocol.
Note: If you specify -protocol, then you must also specify a valid value for the -file-operations parameter.
[-file-operations <File Operation>, ...] - File Operations
This parameter specifies a list of file operations for the FPolicy event. The event will check the operations specified in this list from all client requests using the protocol specified in the -protocol parameter. The list can include one or more of the following operations:
  • close - File close operations.
  • create - File create operations.
  • create_dir - Directory create operations.
  • delete - File delete operations.
  • delete_dir - Directory delete operations.
  • getattr - Get attribute operations.
  • link - Link operations.
  • lookup - Lookup operations.
  • open - File open operations.
  • read - File read operations.
  • write - File write operations.
  • rename - File rename operations.
  • rename_dir - Directory rename operations.
  • setattr - Set attribute operations.
  • symlink - Symbolic link operations.
Note: If you specify -file-operations then you must specify a valid protocol in the -protocol parameter.
[-filters <Filter>, ...] - Filters
This parameter specifies a list of filters of given file operation or operations for the protocol specified in the -protocol parameter. The values in the -filters parameter are used to filter client requests. The list can include one or more of the following:
  • monitor-ads - Filter the client request for alternate data stream.
  • close-with-modification - Filter the client request for close with modification.
  • close-without-modification - Filter the client request for close without modification.
  • close-with-read - Filter the client request for close with read.
  • first-read - Filter the client request for first read.
  • first-write - Filter the client request for first write.
  • offline-bit - Filter the client request for offline bit set. Setting this filter, FPolicy server receives notification only when offline files are accessed.
  • open-with-delete-intent - Filter the client request for open with delete intent. Setting this filter, FPolicy server receives notification only when an attempt is made to open a file with the intent to delete it. This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified.
  • open-with-write-intent - Filter the client request for open with write intent. Setting this filter, FPolicy server receives notification only when an attempt is made to open a file with the intent to write something in it.
  • write-with-size-change - Filter the client request for write with size change.
  • setattr-with-owner-change - Filter the client setattr requests for changing owner of a file or directory.
  • setattr-with-group-change - Filter the client setattr requests for changing group of a file or directory.
  • setattr-with-sacl-change - Filter the client setattr requests for changing sacl on a file or directory.
  • setattr-with-dacl-change - Filter the client setattr requests for changing dacl on a file or directory.
  • setattr-with-modify-time-change - Filter the client setattr requests for changing the modification time of a file or directory.
  • setattr-with-access-time-change - Filter the client setattr requests for changing the access time of a file or directory.
  • setattr-with-creation-time-change - Filter the client setattr requests for changing the creation time of a file or directory.
  • setattr-with-mode-change - Filter the client setattr requests for changing the mode bits on a file or directory.
  • setattr-with-size-change - Filter the client setattr requests for changing the size of a file.
  • setattr-with-allocation-size-change - Filter the client setattr requests for changing the allocation size of a file.
  • exclude-directory - Filter the client requests for directory operations. When this filter is specified directory operations are not monitored.
Note: If you specify a value for the -filters parameter, then you must also specify valid values for the -file-operations and -protocol parameters.
[-volume-operation {true|false}] - Send Volume Operation Notifications
This parameter specifies whether volume operations generate notifications for the FPolicy event. If this field is set to true then FPolicy sends notifications when volumes are mounted or unmounted. By default, it is false.

Examples

The following example creates an FPolicy event.

            cluster1::> vserver fpolicy policy event create -vserver vs1.example.com -event-name cifs_event -protocol cifs
                                                            -file-operations open,close,read,write -filters first-read,offline-bit
                                                            -volume-operation true

            cluster1::> vserver fpolicy policy event show -vserver vs1.example.com -event-name cifs_event

                     Vserver: vs1.example.com
                  Event Name: cifs_event
                    Protocol: cifs
             File Operations: open, close, read, write
                     Filters: first-read, offline-bit
            Volume Operation: true