Complete the following fields:

Option Description

Specify NetApp file server

Provide a server name by entering its FQDN, NETBIOS or IPv4 address. You can click Browse to select a computer from the list of computers in your network.

File share UNC path to audit logs

Select one of the following:

  • Detect automatically—If selected, a shared resource will be detected automatically.
  • Use this path—UNC path to the file share located on a NetApp Filer with event log files (e.g., \\CORP\ETC$\log\).

Specify the account for collecting data

Select the account that will be used to collect data for this item. If you want to use a specific account (other than the one you specified during monitoring plan creation), select Custom account and enter credentials. The credentials are case sensitive.

NOTE: A custom account must be granted the same permissions and access rights as the default account used for data collection. See Data Collecting Account for more information.


Specify protocol for accessing ONTAPI

Select one of the following:

  • Detect automatically—If selected, a connection protocol will be detected automatically.
  • HTTP

Specify management interface

Select the management interface used to connect to ONTAPI. If you want to use a custom management interface for ONTAPI, select Custom and provide a server name by entering its FQDN, NETBIOS or IP address.

Specify account for connecting to ONTAPI

Select an account to connect to NetApp and collect data through ONTAPI. If you want to use a specific account (other than the one you specified on the General tab), select Custom and enter credentials. The credentials are case sensitive.

Note that even if a custom account is specified, the account selected on the General tab must be a member of the Builtin\Administrators group and have sufficient permissions to access the audit logs shared folder and the audited shares.

NOTE: See Data Collecting Account for more information.


Monitor hidden shares

By default, Netwrix Auditor will monitor all shares stored in the specified location, except for hidden shares (both default and user-defined). Select Monitor user-defined hidden shares if necessary.

IMPORTANT! Even when this option is selected, the product will not collect data from administrative hidden shares such as: default system root or Windows directory (ADMIN$), default drive shares (D$, E$, etc.), shares used by printers to enable remote administration (PRINT$), etc.

NOTE: Monitoring of non-default hidden shares is not supported for NetApp servers in 7-mode.
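
The hidden-share rules above determine which shares stay outside audit coverage; the following added example (not Netwrix code) models them so that a share inventory can be checked for gaps before the item is saved. The function names, the `seven_mode` flag and the sample shares are assumptions made for illustration, and the administrative-share list covers only the names this page gives.

```python
import re

# Administrative hidden shares named on this page (its list ends with "etc.",
# so this set is not exhaustive): ADMIN$, PRINT$, and drive shares like D$.
ADMIN_NAMES = {"ADMIN$", "PRINT$"}
DRIVE_SHARE = re.compile(r"^[A-Z]\$$")
UNC = re.compile(r"^\\\\([^\\/]+)\\([^\\/]+)")


def classify_share(unc_path):
    """Return 'administrative', 'user-hidden' or 'visible' for a UNC path."""
    m = UNC.match(unc_path.strip())
    if not m:
        raise ValueError(f"not a UNC path: {unc_path!r}")
    share = m.group(2).upper()
    if share in ADMIN_NAMES or DRIVE_SHARE.match(share):
        return "administrative"
    return "user-hidden" if share.endswith("$") else "visible"


def unmonitored(unc_paths, monitor_user_hidden=False, seven_mode=False):
    """List (path, reason) for shares that fall outside audit coverage.

    monitor_user_hidden mirrors the "Monitor user-defined hidden shares"
    checkbox; seven_mode marks a NetApp filer running in 7-mode.
    """
    gaps = []
    for path in unc_paths:
        kind = classify_share(path)
        if kind == "administrative":
            gaps.append((path, "administrative hidden share, never collected"))
        elif kind == "user-hidden" and not monitor_user_hidden:
            gaps.append((path, "hidden share, option not selected"))
        elif kind == "user-hidden" and seven_mode:
            gaps.append((path, "hidden share, not supported in 7-mode"))
    return gaps


# Constructed sample share list (server and share names are made up).
SAMPLE = [
    r"\\filer01\Finance",
    r"\\filer01\HR$",
    r"\\filer01\E$",
    r"\\filer01\ADMIN$\logs",
    r"\\filer01\print$",
]

if __name__ == "__main__":
    for path, reason in unmonitored(SAMPLE, monitor_user_hidden=True, seven_mode=True):
        print(f"{path}: {reason}")
```

Any share the function reports needs another audit source if activity on it matters.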

Specify monitoring restrictions

Specify restriction filters to narrow your monitoring scope (search results, reports and Activity Summaries). All filters are applied using AND logic.

Refer to Configure Scope for detailed instructions on how to narrow your monitoring scope.

TIP: In addition to the restrictions for a monitoring plan, you can use the *.txt files to collect more granular audit data. Note that the new monitoring scope restrictions apply together with previous exclusion settings configured in the *.txt files. Review the following for more information: Exclude Objects from Monitoring Scope

Configure Scope

You can configure Netwrix Auditor to audit all file shares except for those added as exclusions. To do so, under Specify monitoring restrictions, select All file shares in the array. You can also create lists of specific file shares to include and/or exclude from being audited. Review the following for additional information:

To add inclusion

  1. Under Specify monitoring restrictions, select Specific file shares.
  2. Click Add Inclusion.
  3. Provide the UNC path to a shared resource. For example: NewStation\Shared.

    NOTE: Do not specify a default file share mapped to a local drive (e.g., \\Server\e$).

To add exclusion

Click Add Exclusion, then in the Specify Filters dialog do the following:

  1. Provide the path to the file share where you are going to exclude some audit data. Use the path format as it appears in the "What" column of reports and Activity Summaries — for example, \\corpsrv\shared.

    NOTE: You can use a wildcard (*) only if you need to exclude user activity on this file share. For other data types (state-in-time or all data) wildcards are not supported. This refers to the specified shared folder, its subfolders and files.

  2. Select what type of data you want to exclude:

    Option: All Data
    Description: Select if you want to completely exclude the specified file share from being audited. The product will not collect any user activity or state-in-time data.
    NOTE: In this case, Netwrix Auditor does not adjust audit settings automatically for the selected folders.
    Example: A Security Officer wants to monitor a file share but s/he does not have access to a certain folder on this share. Thus, s/he configures the product not to monitor this folder at all.

    Option: State-in-Time
    Description: Select to configure Netwrix Auditor to exclude data for the state-in-time reports from the monitoring scope.
    Example: A Security Officer wants to monitor a file share, but it contains a folder with a huge number of objects, so s/he does not want Netwrix Auditor to collect state-in-time data for this folder.

    Option: User Activity
    Description: Select to exclude actions performed by specific users on the selected file share. See the procedure below for details.
    NOTE: In this case, the product still collects state-in-time data for this share.
    Example: A Security Officer wants to monitor a file share that contains a public folder for which s/he does not want to collect Read operations.

    To exclude specific user activity:

    1. Specify what user accounts should be excluded:

      • All Users — select to exclude the activity of any user on the file share you specified.
      • These users — select to exclude specific users' activity. Provide user names as shown in the "Who" column in reports and Activity Summaries, e.g., MyDomain\user1. To enter multiple accounts, use a comma as a separator.
    2. Specify what actions should be excluded:

      • All actions — exclude all actions of the selected users
      • These actions — use the drop-down list to select the actions to exclude, e.g., Added and Moved.

After configuring all filters, click Add to save them and return to the item settings.