Create security trace filters
You can create security trace filters that detect SMB and NFS client operations on storage virtual machines (SVMs) and trace all access checks matching the filter. You can use the results from security traces to validate your configuration (for example, that a share or export ACL denies what you expect it to deny) or to troubleshoot access issues.
There are two required parameters for the vserver security trace filter create command:
Required parameter | Description
---|---
SVM name (-vserver) | The name of the SVM that contains the files or folders on which you want to apply the security trace filter.
Filter index number (-index) | The index number you want to apply to the filter. You are limited to a maximum of 10 trace filters per SVM. The allowed values for this parameter are 1 through 10.
A number of optional filter parameters enable you to customize the security trace filter so that you can narrow down the results produced by the security trace:
Filter parameter | Description
---|---
-client-ip | This filter specifies the IP address from which the user is accessing the SVM.
-path | This filter specifies the path on which to apply the permission trace filter. The value for -path can be a complete path or a relative path. You must use UNIX-style (NFS-style) directory separators in the path value, even when the client reaches the file through an SMB share.
-windows-name or -unix-name | You can specify either the Windows user name or the UNIX user name whose access requests you want to trace. The user name value is case insensitive. You cannot specify both a Windows user name and a UNIX user name in the same filter.
-trace-allow | Tracing for deny events is always enabled for a security trace filter. You can optionally trace allow events. To trace allow events, set this parameter to yes. Because every matching allow is then recorded, combine it with a narrow path, user, or client IP filter to keep the trace readable.
-enabled | You can enable or disable the security trace filter. By default, the security trace filter is enabled.
-time-enabled | You can specify a timeout for the filter, in minutes, after which it is disabled. If you omit it, the filter takes the default shown in the second example below (60 minutes).
- Create a security trace filter:

  vserver security trace filter create -vserver vserver_name -index index_number filter_parameters

  filter_parameters is a list of optional filter parameters. For more information, see the man pages for the command.

- Verify the security trace filter entry:

  vserver security trace filter show -vserver vserver_name -index index_number
The following command creates a security trace filter for any user accessing a file with a share path \\server\share1\dir1\dir2\file.txt from the client IP address 10.10.10.7. The filter uses a complete path for the -path option. The filter times out after 30 minutes:

  cluster1::> vserver security trace filter create -vserver vs1 -index 1 -path /dir1/dir2/file.txt -time-enabled 30 -client-ip 10.10.10.7

  cluster1::> vserver security trace filter show -index 1
  Vserver  Index  Client-IP    Path                    Trace-Allow  Windows-Name
  -------- -----  -----------  ----------------------  -----------  -------------
  vs1      1      10.10.10.7   /dir1/dir2/file.txt     no           -
The following command creates a security trace filter using a relative path for the -path option. The filter traces access for a Windows user named "joe". Joe is accessing a file with a share path \\server\share1\dir1\dir2\file.txt. The filter traces allow and deny events:

  cluster1::> vserver security trace filter create -vserver vs1 -index 2 -path /dir1/dir2/file.txt -trace-allow yes -windows-name mydomain\joe

  cluster1::> vserver security trace filter show -vserver vs1 -index 2

                              Vserver: vs1
                         Filter Index: 2
           Client IP Address to Match: -
                                 Path: /dir1/dir2/file.txt
                    Windows User Name: mydomain\joe
                       UNIX User Name: -
                   Trace Allow Events: yes
                       Filter Enabled: enabled
            Minutes Filter is Enabled: 60
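The following Python is an added example, not NetApp code, that encodes the constraints from the parameter table and the two-step procedure above so that a filter definition can be checked before it is typed into the clustershell and the show output checked afterwards: index 1 through 10, at most 10 filters per SVM, either -windows-name or -unix-name but not both, UNIX-style separators in -path, and -trace-allow / -enabled / -time-enabled as optional settings. The mapping from a share path such as \\server\share1\dir1\dir2\file.txt to -path /dir1/dir2/file.txt (drop server and share, flip separators), the next_free_index helper, the show-output parser and the sample show text are this example's own assumptions, modelled on the page's examples.

```python
"""Build, check and verify ONTAP security trace filter definitions.

Added example; not NetApp's code. The UNC-to-path conversion, the
show-output parser and the sample output are assumptions modelled on the
page's two examples.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

MAX_FILTERS_PER_SVM = 10  # -index is limited to 1 through 10 per SVM


def share_path_to_filter_path(unc: str) -> str:
    r"""\\server\share1\dir1\dir2\file.txt -> /dir1/dir2/file.txt.

    Assumption of this example: -path is the part of the share path below
    the share root, written with '/' separators as the page's examples do."""
    if not unc.startswith("\\\\"):
        raise ValueError("expected a UNC path starting with \\\\")
    parts = [p for p in unc[2:].split("\\") if p]
    if len(parts) < 2:
        raise ValueError("UNC path needs at least \\\\server\\share")
    return "/" + "/".join(parts[2:])


def next_free_index(existing: Iterable[int]) -> int:
    """Lowest unused index in 1..10; raises once the per-SVM limit is hit."""
    used = set(existing)
    for i in range(1, MAX_FILTERS_PER_SVM + 1):
        if i not in used:
            return i
    raise ValueError(f"SVM already has {MAX_FILTERS_PER_SVM} trace filters")


@dataclass
class TraceFilter:
    vserver: str
    index: int
    path: Optional[str] = None
    client_ip: Optional[str] = None
    windows_name: Optional[str] = None
    unix_name: Optional[str] = None
    trace_allow: bool = False           # deny events are always traced
    enabled: bool = True
    time_enabled: Optional[int] = None  # minutes; omit to take the default

    def validate(self) -> None:
        if not 1 <= self.index <= MAX_FILTERS_PER_SVM:
            raise ValueError("-index must be 1 through 10")
        if self.windows_name and self.unix_name:
            raise ValueError("use -windows-name or -unix-name, not both")
        if self.path is not None and "\\" in self.path:
            raise ValueError("-path must use UNIX-style '/' separators")
        if self.client_ip is not None:
            ipaddress.ip_address(self.client_ip)  # ValueError if malformed
        if self.time_enabled is not None and self.time_enabled <= 0:
            raise ValueError("-time-enabled is a positive number of minutes")

    def create_command(self) -> str:
        """The clustershell command line for this filter (step 1)."""
        self.validate()
        args = [f"-vserver {self.vserver}", f"-index {self.index}"]
        if self.path is not None:
            args.append(f"-path {self.path}")
        if self.client_ip is not None:
            args.append(f"-client-ip {self.client_ip}")
        if self.windows_name is not None:
            args.append(f"-windows-name {self.windows_name}")
        if self.unix_name is not None:
            args.append(f"-unix-name {self.unix_name}")
        if self.trace_allow:
            args.append("-trace-allow yes")
        if not self.enabled:
            args.append("-enabled disabled")
        if self.time_enabled is not None:
            args.append(f"-time-enabled {self.time_enabled}")
        return "vserver security trace filter create " + " ".join(args)


def rejects(flt: TraceFilter) -> bool:
    """True if validate() refuses the filter definition."""
    try:
        flt.validate()
    except ValueError:
        return True
    return False


def parse_show_detail(text: str) -> Dict[str, str]:
    """Parse the 'Label: value' lines of 'trace filter show -index N'."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            label, _, value = line.partition(":")
            fields[label.strip()] = value.strip()
    return fields


def _dash(value: Optional[str]) -> str:
    return "-" if value is None else value  # ONTAP shows unset fields as '-'


def verify(flt: TraceFilter, show_text: str) -> bool:
    """Step 2: does the show output match the filter we meant to create?"""
    f = parse_show_detail(show_text)
    return (
        f.get("Vserver") == flt.vserver
        and f.get("Filter Index") == str(flt.index)
        and f.get("Path") == _dash(flt.path)
        and f.get("Client IP Address to Match") == _dash(flt.client_ip)
        and f.get("Windows User Name") == _dash(flt.windows_name)
        and f.get("UNIX User Name") == _dash(flt.unix_name)
        and f.get("Trace Allow Events") == ("yes" if flt.trace_allow else "no")
        and f.get("Filter Enabled") == ("enabled" if flt.enabled else "disabled")
    )


# Constructed show output, shaped like the page's second example.
SAMPLE_SHOW = """
                              Vserver: vs1
                         Filter Index: 2
           Client IP Address to Match: -
                                 Path: /dir1/dir2/file.txt
                    Windows User Name: mydomain\\joe
                       UNIX User Name: -
                   Trace Allow Events: yes
                       Filter Enabled: enabled
            Minutes Filter is Enabled: 60
"""

if __name__ == "__main__":
    joe = TraceFilter("vs1", next_free_index([1]),
                      path=share_path_to_filter_path(r"\\server\share1\dir1\dir2\file.txt"),
                      windows_name=r"mydomain\joe", trace_allow=True)
    print(joe.create_command())
    print("verified:", verify(joe, SAMPLE_SHOW))
```

Run it to print the create command for the page's second example and confirm that the (constructed) show output matches it field by field; a filter that names both a Windows and a UNIX user, or that carries backslashes in -path, is rejected before anything reaches the cluster.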