vserver security trace filter modify
Modify a security trace entry
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver security trace filter modify
command modifies a security trace filter entry. Prior to ONTAP 9.3, this feature was only supported for CIFS. In ONTAP 9.3 and later, this feature is supported for both NFS and CIFS.
NFS security trace filters are not supported for FlexGroup volumes, and will only be applied to the FlexVol volumes within the specified Vserver.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the name of the Vserver on which the permission trace is applied.
-index <integer>
- Filter Index-
This parameter specifies the index number for the filter. A maximum of 10 entries can be created. The allowed values for this parameter are 1 through 10.
[-protocols {cifs|nfs}]
- Protocols-
This parameter specifies the protocols for which the permission trace is created.
[-client-ip <IP Address>]
- Client IP Address to Match-
This parameter specifies the IP Address from which the user is accessing the Vserver.
[-path <TextNoCase>]
- Path-
This parameter specifies the path to which permission tracing is applied. The value can be the complete path, starting from the root of the share (for a CIFS filter) or the root of the junction path (for an NFS filter) that the client is accessing, or the value can be a part of the path that the client is accessing. Use NFS style directory separators in the path value.
- {
[-windows-name <TextNoCase>]
- Windows User Name -
This parameter specifies the Windows user name to trace. You can use any of the following formats when specifying the value for this parameter:
-
user_name
-
domain\user_name
-
- |
[-unix-name <TextNoCase>]
- UNIX User Name or User ID } -
This parameter specifies the UNIX user name to trace. It accepts UNIX user ID only for NFS filters.
[-trace-allow {yes|no}]
- Trace Allow Events-
Security tracing can trace deny events and allow events. Deny event tracing is always ON by default. Allow events can optionally be traced. If set to yes, this option allows tracing of allow events. If set to no, allow events are not traced.
[-enabled {enabled|disabled}]
- Filter Enabled-
This parameter specifies whether to enable or disable the filter. Filters are enabled by default.
[-time-enabled <integer>]
- Minutes Filter is Enabled-
This parameter specifies a timeout for this filter, after which it is deleted.
Examples
The following example modifies a security trace filter.
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -time-enabled 120 -client-ip 10.72.205.207
The following examples modify filters that include the -path option. If the client is accessing a file with the path \\server\sharename\dir1\dir2\dir3\file.txt, for a filter applicable to CIFS, a complete path starting from the root of the share or a partial path can be given as shown:
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -path /dir1/dir2/dir3/file.txt
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -path dir3/file.txt
Similarly, for filters applicable to NFS, if -path option is specified and the client is accessing a file with path /junction_path1/junction_path2/dir1/file.txt, a complete path starting from the last junction path or a partial path can be given as shown:
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -protocols nfs -path dir1/file.txt
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -protocols nfs -path file.txt
The following example modifies a filter that is applicable to both CIFS and NFS.
cluster1::> vserver security trace filter modify -vserver vs0 -index 1 -protocols cifs,nfs -unix-user root -path file.txt