Skip to main content

Modify security trace filters

Contributors

If you want to change the optional filter parameters used to determine which access events are traced, you can modify existing security trace filters.

About this task

You must identify which security trace filter you want to modify by specifying the storage virtual machine (SVM) name on which the filter is applied and the index number of the filter. You can modify all the optional filter parameters.

Steps
  1. Modify a security trace filter:

    vserver security trace filter modify -vserver vserver_name -index index_numberfilter_parameters

    • vserver_name is the name of the SVM on which you want to apply a security trace filter.

    • index_number is the index number that you want to apply to the filter. The allowed values for this parameter are 1 through 10.

    • filter_parameters is a list of optional filter parameters.

  2. Verify the security trace filter entry:

    vserver security trace filter show -vserver vserver_name -index index_number

Example

The following command modifies the security trace filter with the index number 1. The filter traces events for any user accessing a file with a share path \\server\share1\dir1\dir2\file.txt from any IP address. The filter uses a complete path for the -path option. The filter traces allow and deny events:

cluster1::> vserver security trace filter modify -vserver vs1 -index 1 -path /dir1/dir2/file.txt -trace-allow yes

cluster1::> vserver security trace filter show -vserver vs1 -index 1
                                 Vserver: vs1
                            Filter Index: 1
              Client IP Address to Match: -
                                    Path: /dir1/dir2/file.txt
                       Windows User Name: -
                          UNIX User Name: -
                      Trace Allow Events: yes
                          Filter Enabled: enabled
               Minutes Filter is Enabled: 60