Manual configuration

This section details the procedure to configure the required NetApp audit policies manually in your target vFilers.

Audit policies must be configured to ensure that events are logged whenever any activity occurs in your NetApp filers. They are set via the NetApp Filer command prompt, which is accessible through an SSH/Telnet connection.

To configure the audit policies, connect to the filer via SSH and execute these basic commands:

• To get an option value:
  options < option_name >
• To set the option value:
  options < option_name > < option_value >

For example, to enable the cifs.audit.enable option, execute the following command:

options cifs.audit.enable on

Note: For a full list of commands along with their descriptions, refer to this NetApp document.

Execute the commands below to specify when automatic saves occur, the maximum number of automatically-saved files, and other prerequisites. These audit options have to be enabled in the NetApp filer via SSH to generate the required file audit events and automatically capture them as EVT files.

• options cifs.audit.account_mgmt_events.enable off
• options cifs.audit.logon_events.enable off
• options cifs.audit.liveview.enable off
• options cifs.audit.enable on
• options cifs.audit.file_access_events.enable on
• options cifs.audit.autosave.file.extension timestamp
• options cifs.audit.autosave.file.limit 10
• options cifs.audit.autosave.onsize.enable on
• options cifs.audit.autosave.onsize.threshold 100%
• options cifs.audit.autosave.ontime.enable off
• options cifs.audit.logsize 268435456

Further, you must disable the cifs.audit.liveview.enable option since it interferes with ADAudit Plus's processing of the collected audit data.

Note: For more information on these commands and settings, refer to this NetApp document.