
Manage security-group event

Contributors netapp-aherbin netapp-ahibbard

When a security-group event is configured for a storage virtual machine (SVM) and auditing is enabled, audit events are generated.

The security-group events with event IDs 4731, 4732, 4733, 4734, and 4735 are generated when a local SMB or NFS group is created on or deleted from the system, and when a local user is added to or removed from the group. These events are generated when a user account is modified using the vserver cifs users-and-groups <local-group> and vserver services name-service <unix-group> commands.

The following example shows the security-group event with ID 4731 that is generated when a local UNIX security group is created:

netapp-clus1::*> vserver services name-service unix-group create -name testunixgroup -id 20
- System
  - Provider
   [ Name]  NetApp-Security-Auditing
   [ Guid]  {3CB2A168-FE19-4A4E-BDAD-DCF422F13473}
   EventID 4731
   EventName Local Unix Security Group Created
   ...
   ...
  SubjectUserName admin
  SubjectUserSid 65533-1001
  SubjectDomainName ~
  SubjectIP console
  SubjectPort
  TargetUserName testunixgroup
  TargetDomainName
  TargetGid 20
  TargetType NFS
  PrivilegeList ~
  GidHistory ~
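
For review or alerting, the event rendering shown above can be parsed and filtered on the five security-group event IDs. The following Python code is an added example, not NetApp code. It assumes the text layout shown on this page with "- System" starting each event; the function names are hypothetical, and the sample input (including the unrelated event 9999) is constructed.

```python
import re

# Event IDs this page lists as security-group events.
SECURITY_GROUP_EVENT_IDS = {"4731", "4732", "4733", "4734", "4735"}

# Constructed sample: the page's 4731 event plus a made-up unrelated event (9999).
SAMPLE = """\
- System
  - Provider
   [ Name]  NetApp-Security-Auditing
   EventID 4731
   EventName Local Unix Security Group Created
   ...
  SubjectUserName admin
  SubjectDomainName ~
  SubjectIP console
  SubjectPort
  TargetUserName testunixgroup
  TargetGid 20
  TargetType NFS
- System
   EventID 9999
   EventName Constructed Unrelated Event
"""

def parse_events(text):
    """Return one dict per event; '~' and empty values become None."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "- System":          # assumed start-of-event marker
            events.append({})
        elif events and line and not line.startswith("-") and set(line) != {"."}:
            m = re.match(r"\[\s*(\w+)\]\s*(.*)", line)  # "[ Name]  value" form
            key, _, value = (m.group(1), "", m.group(2)) if m else line.partition(" ")
            value = value.strip()
            events[-1][key] = None if value in ("", "~") else value
    return events

def group_changes(events):
    """Keep security-group events, reduced to who changed which group."""
    fields = ("EventID", "EventName", "SubjectUserName", "SubjectIP",
              "TargetUserName", "TargetGid", "TargetType")
    return [{f: e.get(f) for f in fields}
            for e in events if e.get("EventID") in SECURITY_GROUP_EVENT_IDS]

if __name__ == "__main__":
    for change in group_changes(parse_events(SAMPLE)):
        print(change)
```

Each returned record names the acting account (SubjectUserName, SubjectIP) and the affected group (TargetUserName, TargetGid, TargetType), which is the minimum needed to reconcile a group change against an approved change request.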