vserver fpolicy policy event create
Create an event
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver fpolicy policy event create
command creates an FPolicy event. An event describes what to monitor. An event can contain protocol, file operations, filters, and volume operation event types. In the FPolicy configuration, an event is attached to an FPolicy policy. You can attach the same event to one or more policies.
Three parameters have dependency rules: -protocol , -files-operations and -filters . The following combinations are supported:
|
-
Both
-protocol
and-file-operations
-
All of
-protocol
,-file-operations
and-filters
-
Specify none of three
Parameters
-vserver <Vserver Name>
- Vserver-
This parameter specifies the name of the Vserver on which you want to create an FPolicy event.
-event-name <Event name>
- Event-
This parameter specifies the name of the FPolicy event that you want to create. An event name can be up to 256 characters long. An event name value is a string that can only contain any combination of ASCII-range alphanumeric characters (a-z, A-Z, 0-9), "_" and ".".
[-protocol <Protocol>]
- Protocol-
This parameter specifies the protocol name for which the event will be created. By default, no protocol is selected. The value of this parameter must be one of the following:
-
_ cifs _
- This specifies that the event is for the CIFS protocol. -
_ nfsv3_
- This specifies that the event is for the NFSv3 protocol. -
_ nfsv4_
- This specifies that the event is for the NFSv4 protocol.If you specify -protocol
, then you must also specify a valid value for the-file-operations
parameter.
-
[-file-operations <File Operation>,…]
- File Operations-
This parameter specifies a list of file operations for the FPolicy event. The event will check the operations specified in this list from all client requests using the protocol specified in the
-protocol
parameter. The list can include one or more of the following operations:-
_close _
- File close operations. -
_create _
- File create operations. -
_create_dir _
- Directory create operations. -
_delete _
- File delete operations. -
_delete_dir _
- Directory delete operations. -
_getattr _
- Get attribute operations. -
_link _
- Link operations. -
_lookup _
- Lookup operations. -
_open _
- File open operations. -
_read _
- File read operations. -
_write _
- File write operations. -
_rename _
- File rename operations. -
_rename_dir _
- Directory rename operations. -
_setattr _
- Set attribute operations. -
_symlink _
- Symbolic link operations.If you specify -file-operations
then you must specify a valid protocol in the-protocol
parameter.
-
[-filters <Filter>,…]
- Filters-
This parameter specifies a list of filters of given file operation or operations for the protocol specified in the
-protocol
parameter. The values in the-filters
parameter are used to filter client requests. The list can include one or more of the following:-
_ monitor-ads _
- Filter the client request for alternate data stream. -
_ close-with-modification _
- Filter the client request for close with modification. -
_ close-without-modification_
- Filter the client request for close without modification. -
_ close-with-read _
- Filter the client request for close with read. -
_ first-read _
- Filter the client requests for the first-read. When this filter is used for CIFS events, the first-read request within a CIFS session results in FPolicy processing. When this filter is used for NFS events, the-file-session-io-grouping-count
and-file-session-io-grouping-duration
configurations determine the first read-request for which FPolicy processing is done. -
_ first-write _
- Filter the client requests for the first-write. When this filter is used for CIFS events, the first-write request within a CIFS session results in FPolicy processing. When this filter is used for NFS events, the-file-session-io-grouping-count
and-file-session-io-grouping-duration
configurations determine the first-write request for which FPolicy processing is done. -
_ offline-bit _
- Filter the client request for offline bit set. Setting this filter, FPolicy server receives notification only when offline files are accessed. -
_ open-with-delete-intent _
- Filter the client request for open with delete intent. Setting this filter, FPolicy server receives notification only when an attempt is made to open a file with the intent to delete it. This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified. -
_ open-with-write-intent _
- Filter the client request for open with write intent. Setting this filter, FPolicy server receives notification only when an attempt is made to open a file with the intent to write something in it. -
_ write-with-size-change _
- Filter the client request for write with size change. -
_ setattr-with-owner-change _
- Filter the client setattr requests for changing owner of a file or directory. -
_ setattr-with-group-change _
- Filter the client setattr requests for changing group of a file or directory. -
_ setattr-with-sacl-change _
- Filter the client setattr requests for changing sacl on a file or directory. -
_ setattr-with-dacl-change _
- Filter the client setattr requests for changing dacl on a file or directory. -
_ setattr-with-modify-time-change _
- Filter the client setattr requests for changing the modification time of a file or directory. -
_ setattr-with-access-time-change _
- Filter the client setattr requests for changing the access time of a file or directory. -
_ setattr-with-creation-time-change _
- Filter the client setattr requests for changing the creation time of a file or directory. -
_ setattr-with-mode-change _
- Filter the client setattr requests for changing the mode bits on a file or directory. -
_ setattr-with-size-change _
- Filter the client setattr requests for changing the size of a file. -
_ setattr-with-allocation-size-change _
- Filter the client setattr requests for changing the allocation size of a file. -
_ exclude-directory _
- Filter the client requests for directory operations. When this filter is specified directory operations are not monitored.If you specify a value for the -filters
parameter, then you must also specify valid values for the-file-operations
and-protocol
parameters.
If the client sends multiple read/write requests simultaneously for the same file, then the first-read and first-write filters can result in more than one FPolicy notification. -
[-volume-operation {true|false}]
- Send Volume Operation Notifications-
This parameter specifies whether volume operations generate notifications for the FPolicy event. If this field is set to
true
then FPolicy sends notifications when volumes are mounted or unmounted. By default, it isfalse
.
Examples
The following example creates an FPolicy event.
cluster1::> vserver fpolicy policy event create -vserver vs1.example.com -event-name cifs_event -protocol cifs -file-operations open,close,read,write -filters first-read,offline-bit -volume-operation true cluster1::> vserver fpolicy policy event show -vserver vs1.example.com -event-name cifs_event Vserver: vs1.example.com Event Name: cifs_event Protocol: cifs File Operations: open, close, read, write Filters: first-read, offline-bit Volume Operation: true
The following is a list of supported -file-operations
and -filters
for the CIFS
protocol.
Supported | File | Operations | Supported Filters ====================================================================================== close : monitor-ads, close-with-modification, close-without-modification, offline-bit, close-with-read, exclude-directory create : monitor-ads, offline-bit create_dir : none delete : monitor-ads, offline-bit delete_dir : none getattr : offline-bit, exclude-directory open : monitor-ads, offline-bit, open-with-delete-intent, open-with-write-intent, exclude-directory read : monitor-ads, first-read, offline-bit write : monitor-ads, first-write, offline-bit, write-with-size-change rename : offline-bit, monitor-ads rename_dir : none setattr : offline-bit, monitor-ads, setattr-with-owner-change, setattr-with-group-change, setattr-with-sacl-change, setattr-with-dacl-change, setattr-with-modify-time-change, setattr-with-access-time-change, setattr-with-creation-time-change, setattr-with-size-change, setattr-with-allocation-size-change, exclude-directory
The following is a list of supported -file-operations
and -filters
for the nfsv3
protocol.
Supported | File | Operations | Supported Filters ====================================================================================== create : offline-bit create_dir : none delete : offline-bit delete_dir : none link : offline-bit lookup : offline-bit, exclude-directory read : offline-bit, first-read write : offline-bit, write-with-size-change, first-write rename : offline-bit rename_dir : none setattr : offline-bit, setattr-with-owner-change, setattr-with-group-change, setattr-with-modify-time-change, setattr-with-access-time-change, setattr-with-mode-change, setattr-with-size-change, exclude-directory symlink : offline-bit
The following is a list of supported -file-operations
and -filters
for the nfsv4
protocol.
Supported | File | Operations | Supported Filters ====================================================================================== close : offline-bit, exclude-directory create : offline-bit create_dir : none delete : offline-bit delete_dir : none getattr : offline-bit, exclude-directory link : offline-bit lookup : offline-bit, exclude-directory open : offline-bit, exclude-directory read : offline-bit, first-read write : offline-bit, write-with-size-change, first-write rename : offline-bit rename_dir : none setattr : offline-bit, setattr-with-owner-change, setattr-with-group-change, setattr-with-sacl-change, setattr-with-dacl-change, setattr-with-modify-time-change, setattr-with-access-time-change, setattr-with-size-change, exclude-directory symlink : offline-bit