Audit Log question | NetApp | Page 1

languid briar Oct 28, 2025, 7:32 PM

#

Native version 25.05.1
I enabled the audit_log.yaml by following these direction: https://github.com/NetApp/harvest/discussions/3478
I created a test volume on one of my clusters and waited a couple mins but I have not seens it populate on my dashboard yet. Do I need to enable something on the clusters itself?

GitHub

Enable AuditLog template in Harvest · NetApp harvest · Discussion...

The ONTAP: AuditLog dashboard captures operations such as create, update, and delete attempts on volumes via REST or ONTAP CLI commands. By default, this feature is disabled and is only accessible ...

buoyant saddle Oct 29, 2025, 4:13 AM

#

@languid briar Could you restart Harvest pollers. Wait for 5 minutes and then upload harvest logs @ https://upload.nabox.org/viga-vofa-hewi ?

languid briar Oct 29, 2025, 3:52 PM

#

@buoyant saddle When you say logs, is that all the poller logs or is there a specific one?

trim prawn Oct 29, 2025, 4:05 PM

#

the log files for the poller in question

languid briar Oct 29, 2025, 4:11 PM

#

I found the error:
time=2025-10-29T16:01:56.173Z level=ERROR source=collector.go:474 msg="" Poller=fas01-dt collector=Rest:AuditLog error="failed to fetchAll href=api/security/audit/messages..., hrefLength=423 err=error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/security/audit/messages?fields=application%2Clocation%2Cstate%2Ctimestamp%2Cuser&input=%7C%7C%7C%7C%7C%7C%7C%7C%7C%7C%2APATCH+%2Fapi%2Fstorage%2Fvolumes%2A%7C%2APOST+%2Fapi%2Fapplication%2Fapplications%2A%7C%2APOST+%2Fapi%2Fstorage%2Fvolumes%2A%7C%2Avolume+create%2A%7C%2Avolume+modify%2A%7C%2Avolume+delete%2A%7C%2APOST+%2Fapi%2Fprivate%2Fcli%2Fvolume%2A%7C%2ADELETE+%2Fapi%2Fprivate%2Fcli%2Fvolume%2A%7C%2APOST+%2Fapi%2Fprivate%2Fcli%2Fvolume%2Frename%2A%7C%2ADELETE+%2Fapi%2Fstorage%2Fvolumes%2A&return_records=true&state=success&timestamp=%3E%3D1761753536" plugin=AuditLog

#

Looks like I need to update the Harvest Role on the clusters in question

trim prawn Oct 29, 2025, 4:11 PM

#

nice find

languid briar Oct 29, 2025, 4:12 PM

#

I don't know why I forget there's logs to look at...

trim prawn Oct 29, 2025, 4:13 PM

#

I'd like to think because things usually work and you can ignore it 🙂 It's our number one way of troubleshooting

languid briar Oct 29, 2025, 4:34 PM

#

@trim prawn I get an error issuing the following cli command to add the api call to the role:
rest-role modify -vserver fas01-dt -role harvest-rest-role -api "/api/security/audit/messages" -access readonly


Error: command failed: entry doesn't exist```

#

I see the api in .../docs/api

trim prawn Oct 29, 2025, 4:35 PM

#

can you try the permissions listed in the docs? https://netapp.github.io/harvest/nightly/prepare-cdot-clusters/#rest-least-privilege-role

languid briar Oct 29, 2025, 4:40 PM

#

Okay, so although I am logically updating/modifying an existing rest-role, the proper command is to use "create" as in create an entry.

#Audit Log question