Configure the audit client for NFS
The audit share is automatically enabled as a read-only share.
-
You have the
Passwords.txt
file with the root/admin password (available in the SAID package). -
You have the
Configuration.txt
file (available in the SAID package). -
The audit client is using NFS Version 3 (NFSv3).
Perform this procedure for each Admin Node in a StorageGRID deployment from which you want to retrieve audit messages.
-
Log in to the primary Admin Node:
-
Enter the following command:
ssh admin@primary_Admin_Node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.When you are logged in as root, the prompt changes from
$
to#
.
-
-
Confirm that all services have a state of Running or Verified. Enter:
storagegrid-status
If any services are not listed as Running or Verified, resolve issues before continuing.
-
Return to the command line. Press Ctrl+C.
-
Start the NFS configuration utility. Enter:
config_nfs.rb
----------------------------------------------------------------- | Shares | Clients | Config | ----------------------------------------------------------------- | add-audit-share | add-ip-to-share | validate-config | | enable-disable-share | remove-ip-from-share | refresh-config | | | | help | | | | exit | -----------------------------------------------------------------
-
Add the audit client:
add-audit-share
-
When prompted, enter the audit client's IP address or IP address range for the audit share:
client_IP_address
-
When prompted, press Enter.
-
-
If more than one audit client is permitted to access the audit share, add the IP address of the additional user:
add-ip-to-share
-
Enter the number of the audit share:
audit_share_number
-
When prompted, enter the audit client's IP address or IP address range for the audit share:
client_IP_address
-
When prompted, press Enter.
The NFS configuration utility is displayed.
-
Repeat these substeps for each additional audit client that has access to the audit share.
-
-
Optionally, verify your configuration.
-
Enter the following:
validate-config
The services are checked and displayed.
-
When prompted, press Enter.
The NFS configuration utility is displayed.
-
Close the NFS configuration utility:
exit
-
-
Determine if you must enable audit shares at other sites.
-
If the StorageGRID deployment is a single site, go to the next step.
-
If the StorageGRID deployment includes Admin Nodes at other sites, enable these audit shares as required:
-
Remotely log in to the site's Admin Node:
-
Enter the following command:
ssh admin@grid_node_IP
-
Enter the password listed in the
Passwords.txt
file. -
Enter the following command to switch to root:
su -
-
Enter the password listed in the
Passwords.txt
file.
-
-
Repeat these steps to configure the audit shares for each additional Admin Node.
-
Close the remote secure shell login to the remote Admin Node. Enter:
exit
-
-
-
Log out of the command shell:
exit
NFS audit clients are granted access to an audit share based on their IP address. Grant access to the audit share to a new NFS audit client by adding its IP address to the share, or remove an existing audit client by removing its IP address.