NFSv3 file auditing | NetApp | Page 1

sleek skiff Aug 5, 2025, 4:13 PM

#

Is there any way to log file access (open/permission changes) from Ontap? Everything I have found so far says to use ace auditing with NFSv4.

ocean pewter Aug 5, 2025, 4:16 PM

#

believe ACE is the recommended option.
you can also use SLAG I believe.

#

not sure if fpolicy will audit NFS or just smb

sleek skiff Aug 5, 2025, 4:22 PM

#

From what I can tell SLAG is just NTFS, this volume is UNIX security style. This used to be so simple back in 7-mode (or even my Solaris days). You just would ask the kernel to log any time a file open or modify was done and you would get a log entry.

ocean pewter Aug 5, 2025, 4:37 PM

#

hrm. yea, the only thing I'm seeing is audit logging for NFSv4 and nothing about 3, anywhere

autumn ruin Aug 24, 2025, 2:19 AM

#

NFSv4 audit ACLs are what you need to add in order to perform native auditing as discussed in the following KB. It's a one-time process and will audit NFSv3 and NFSv4.x operations. https://kb.netapp.com/on-prem/ontap/da/NAS/NAS-KBs/How_to_enable_auditing_of_NFS_events_in_ONTAP_9

NetApp Knowledge Base

How to enable auditing of NFS events in ONTAP 9

Article covers the steps how to enable auditing of NFS events on ONTAP 9 systems

gray blaze Aug 25, 2025, 5:56 PM

#

Didn't know you can use NAS auditing with NFSv3. Thanks for the KB.

#NFSv3 file auditing