Skip to main content

Display security trace results

Contributors netapp-thomi

You can display the security trace results generated for file operations that match security trace filters. You can use the results to validate your file access security configuration or to troubleshoot SMB and NFS file access issues.

What you'll need

An enabled security trace filter must exist and operations must have been performed from an SMB or NFS client that matches the security trace filter to generate security trace results.

About this task

You can display a summary of all security trace results, or you can customize what information is displayed in the output by specifying optional parameters. This can be helpful when the security trace results contain a large number of records.

If you do not specify any of the optional parameters, the following is displayed:

  • storage virtual machine (SVM) name

  • Node name

  • Security trace index number

  • Security style

  • Path

  • Reason

  • User name

    The user name is displayed depending on how the trace filter is configured:

    If the filter is configured…​

    Then…​

    With a UNIX user name

    The security trace result displays the UNIX user name.

    With a Windows user name

    The security trace result displays the Windows user name.

    Without a user name

    The security trace result displays the Windows user name.

You can customize the output by using optional parameters. Some of the optional parameters that you can use to narrow the results returned in the command output include the following:

Optional parameter

Description

-fields field_name, …​

Displays output on the fields you choose. You can use this parameter either alone or in combination with other optional parameters.

-instance

Displays detailed information about security trace events. Use this parameter with other optional parameters to display detailed information about specific filter results.

-node node_name

Displays information only about events on the specified node.

-vserver vserver_name

Displays information only about events on the specified SVM.

-index integer

Displays information about the events that occurred as a result of the filter corresponding to the specified index number.

-client-ip IP_address

Displays information about the events that occurred as a result of file access from the specified client IP address.

-path path

Displays information about the events that occurred as a result of file access to the specified path.

-user-name user_name

Displays information about the events that occurred as a result of file access by the specified Windows or UNIX user.

-security-style security_style

Displays information about the events that occurred on file systems with the specified security style.

See the man page for information about other optional parameters that you can use with the command.

Step
  1. Display security trace filter results by using the vserver security trace trace-result show command.

    vserver security trace trace-result show -user-name domain\user

    Vserver: vs1
    
    Node     Index   Filter Details         Reason
    -------- ------- ---------------------  -----------------------------
    node1    3       User:domain\user       Access denied by explicit ACE
                     Security Style:mixed
                     Path:/dir1/dir2/
    
    node1    5       User:domain\user       Access denied by explicit ACE
                     Security Style:unix
                     Path:/dir1/