Go Up
You are here: DeploymentConfigure IT InfrastructureNetApp FilerConfigure NetApp Clustered Data ONTAP 8 and ONTAP 9 for Monitoring

Configure NetApp Clustered Data ONTAP 8 and ONTAP 9 for Monitoring

To configure Clustered Data ONTAP 8 and ONTAP 9 for monitoring, perform the following procedures:

Prerequisites

Netwrix assumes that you are aware of basic installation and configuration steps. If not, refer to the following administration and management guides.

Version Related documentation

Clustered Data ONTAP 8.2

 

Clustered Data ONTAP 8.3

 

ONTAP 9.0 and 9.1

Perform the steps below before proceeding with audit configuration:

  1. Configure CIFS server and make sure it functions properly.

    NOTE: NFS file shares are not supported.

  2. Configure System Access Control List (SACL) on your file share. See Configure Audit Settings for CIFS File Shares for more information.
  3. Set the Security Style for Volume or Qtree where the audited file shares are located to the "ntfs" or "mixed".
  4. Configure audit manually. For 8.3, review the Auditing NAS events on SVMs with FlexVol volumes section in Clustered Data ONTAP® 8.3 File Access Management Guide for CIFS.

    NOTE: The current version of Netwrix Auditor does not support auditing of Infinite Volumes.

Configure ONTAPI Web Access

Netwrix Auditor uses ONTAPI to obtain the current CIFS audit configuration and force the audit data flush from the internal filer format to an MS Event Viewer compatible format. Netwrix Auditor supports both the SSL and non-SSL HTTP access, trying HTTPS first, and falling back to HTTP if it is unavailable.

  1. Navigate to your cluster command prompt through the SSH/Telnet connection.

  2. Log in as a cluster administrator and review your current web access settings. Make sure that External Web Services are allowed. For example:

    cluster1::> system services web show
    External Web Services: true
    Status: online
    HTTP Protocol Port: 80
    HTTPs Protocol Port: 443
    TLSv1 Enabled: true
    SSLv3 Enabled: true
    SSLv2 Enabled: false
  3. Enable ONTAPI access on the SVM where CIFS server is set up and configured. The example command output shows correct web access settings where vs1 is your SVM name.

    cluster1::> vserver services web show -vserver vs1  
    Vserver Type Service Name Description Enabled
    ---------- ------- -------- ----------------------- ------
    vs1 data ontapi Remote Administrative API true
          Support  
  4. Enable HTTP/HTTPS access. For example:

    cluster1::> vserver services web modify -vserver vs1 -name ontapi -enabled true

  5. Enable only SSL access (HTTPS in Netwrix Auditor). For example:

    cluster1::> vserver services web modify -vserver vs1 -name ontapi -enabled true -ssl-only true

  6. Make sure that the builtin vsadmin role or a custom role (e.g., fsa_role) assigned to your account specified for data collection can access ONTAPI. For example:

    cluster2::> vserver services web access show -vserver vs2
    Vserver Type Service Name Role
    -------------- ------- ------------ ---------------
    vs2 data ontapi fsa_role
    vs2 data ontapi vsadmin
    vs2 data ontapi vsadmin-protocol
    vs2 data ontapi vsadmin-readonly
    vs2 data ontapi vsadmin-volume
    5 entries were displayed.

Configure Firewall Policy

Configure firewall to make file shares and Clustered Data ONTAP HTTP/HTTPS ports accessible from the computer where Netwrix Auditor Server is installed. Your firewall configuration depends on network settings and security policies in your organization. Below is an example of configuration:

  1. Navigate to your cluster command prompt through the SSH/Telnet connection.
  2. Log in as a cluster administrator and review your current firewall configuration. For example:

    cluster1::> system services firewall show
    Node Enabled Logging
    ------------ ------------ -------
    cluster1-01 true false
  3. Create firewall policy or edit existing policy to allow HTTP/HTTPS (note that modifying a policy you may overwrite some settings). For example:

    To... Execute...
    NetApp Clustered Data ONTAP 8.2
    Create a policy

    cluster1::> system services firewall policy create -policy pol1 -service http -vserver vs1 -action allow -ip-list 192.168.1.0/24

    cluster1::> system services firewall policy create -policy pol1 -service https -vserver vs1 -action allow -ip-list 192.168.1.0/24

    Modify existing policy

    cluster1::> system services firewall policy modify -policy pol1 -service http -vserver vs1 -action allow -ip-list 192.168.1.0/24

    cluster1::> system services firewall policy modify -policy pol1 -service https -vserver vs1 -action allow -ip-list 192.168.1.0/24

    NetApp Clustered Data ONTAP 8.3, ONTAP 9.0, and ONTAP 9.1

    Create a policy

    cluster1::> system services firewall policy create -policy pol1 -service http -vserver vs1 -allow-list 192.168.1.0/24

    cluster1::> system services firewall policy create -policy pol1 -service https -vserver vs1 -allow-list 192.168.1.0/24

    Modify existing policy

    cluster1::> system services firewall policy modify -policy pol1 -service http -vserver vs1 -allow-list 192.168.1.0/24

    cluster1::> system services firewall policy modify -policy pol1 -service https -vserver vs1 -allow-list 192.168.1.0/24

    where pol1 is your Firewall policy name and 192.168.1.0/24 is your subnet where Netwrix Auditor Server resides.

  4. Apply the firewall policy to a LIF.

    cluster1::>network interface modify -vserver vs1 -lif vs1-cifs-lif1 -firewall-policy pol1

    To verify the policy was applied correctly, execute the following:

    cluster1::>network interface show -fields -firewall-policy

Configure Event Categories and Log

Perform the following procedures to configure audit:

Go Up