Considerations when creating security traces

Contributors

You should keep several considerations in mind when you create security traces on storage virtual machines (SVMs). For example, you need to know on which protocols you can create a trace, which security-styles are supported, and what the maximum number of active traces is.

  • You can only create security traces on SVMs.

  • Each security trace filter entry is SVM specific.

    You must specify the SVM on which you want to run the trace.

  • You can add permission tracing filters for SMB and NFS requests.

  • You must set up the CIFS or NFS server on the SVM on which you want to create trace filters.

  • You can create security traces for files and folders residing on NTFS, UNIX, and mixed security-style volumes and qtrees.

  • You can add a maximum of 10 permission tracing filters per SVM.

  • You must specify a filter index number when creating or modifying a filter.

    Filters are considered in order of the index number. The criteria in a filter with a higher index number is considered before the criteria with a lower index number. If the request being traced matches criteria in multiple enabled filters, only the filter with the highest index number is triggered.

  • After you have created and enabled a security trace filter, you must perform some file or folder requests on a client system to generate activity that the trace filter can capture and log in the trace results log.

  • You should add permission tracing filters for file access verification or troubleshooting purposes only.

    Adding permission tracing filters has a minor effect on controller performance.

    When you are done with verification or troubleshooting activity, you should disable or remove all permission tracing filters. Furthermore, the filtering criteria you select should be as specific as possible so that ONTAP does not send a large number of trace results to the log.