From 003d843be0e0825be36bcf35f81d3d999fb47523 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 28 Nov 2025 11:55:16 +0100 Subject: [PATCH 1/3] Add configuration notes for the FSA Synology datas ource --- .../10.7/configuration/fileservers/synology/configure.md | 5 ++++- .../10.8/configuration/fileservers/synology/configure.md | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/auditor/10.7/configuration/fileservers/synology/configure.md b/docs/auditor/10.7/configuration/fileservers/synology/configure.md index d6cfb045bd..53de1c34e7 100644 --- a/docs/auditor/10.7/configuration/fileservers/synology/configure.md +++ b/docs/auditor/10.7/configuration/fileservers/synology/configure.md @@ -26,6 +26,9 @@ all audit types should be enabled. **Step 4 –** Click Apply. -**NOTE:** Currently, Netwrix Auditor cannot collect activities using a local Synology user. Data +> **NOTE:** Currently, Netwrix Auditor cannot collect activities using a local Synology user. Data collection only supported via a domain user with the necessary access privileges to the Synology file server. + +> **NOTE:** Currently, Netwrix Auditor cannot collect activities on shared folders hidden using +the Synology option **Hide this shared folder in "My Network Places"**. diff --git a/docs/auditor/10.8/configuration/fileservers/synology/configure.md b/docs/auditor/10.8/configuration/fileservers/synology/configure.md index d6cfb045bd..53de1c34e7 100644 --- a/docs/auditor/10.8/configuration/fileservers/synology/configure.md +++ b/docs/auditor/10.8/configuration/fileservers/synology/configure.md @@ -26,6 +26,9 @@ all audit types should be enabled. **Step 4 –** Click Apply. -**NOTE:** Currently, Netwrix Auditor cannot collect activities using a local Synology user. Data +> **NOTE:** Currently, Netwrix Auditor cannot collect activities using a local Synology user. Data collection only supported via a domain user with the necessary access privileges to the Synology file server. + +> **NOTE:** Currently, Netwrix Auditor cannot collect activities on shared folders hidden using +the Synology option **Hide this shared folder in "My Network Places"**. From fb697681e093d4b83ca5e6216477391ee915a533 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 28 Nov 2025 17:35:07 +0100 Subject: [PATCH 2/3] Common NetApp errors kb article --- .../common-netapp-errors-and-resolutions.md | 127 ++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 docs/kb/auditor/common-netapp-errors-and-resolutions.md diff --git a/docs/kb/auditor/common-netapp-errors-and-resolutions.md b/docs/kb/auditor/common-netapp-errors-and-resolutions.md new file mode 100644 index 0000000000..27a09824f8 --- /dev/null +++ b/docs/kb/auditor/common-netapp-errors-and-resolutions.md @@ -0,0 +1,127 @@ +--- +description: > + This knowledge base article provides a comprehensive guide to troubleshooting common errors encountered when configuring and using NetApp Clustered Data ONTAP with Netwrix Auditor. +keywords: + - Netwrix Auditor + - connection issues + - NetApp datasource + - insufficient privileges + - configuration issues +products: + - auditor +sidebar_label: NetApp Clustered Data ONTAP Error Resolution Guide +title: NetApp Clustered Data ONTAP Error Resolution Guide +knowledge_article_id: +--- + +# NetApp Clustered Data ONTAP Error Resolution Guide + +## Introduction +This knowledge base article provides a comprehensive guide to troubleshooting common errors encountered when configuring and using NetApp Clustered Data ONTAP with Netwrix Auditor. The following errors and their resolutions will help administrators quickly identify and resolve issues related to permissions, audit configuration, and connectivity. + +## Common NetApp Errors and Resolutions + +### Error 6104: Access Denied - Insufficient Privileges + +**Error Description:** +Unable to process item: Access is denied. Insufficient privileges: user `` does not have read/write access to this resource. + +**Cause:** +The SVM (Storage Virtual Machine) role doesn't have sufficient rights to perform the required operations. + +**Resolution:** +1. Verify that the NetApp role has been created with proper permissions. +2. Check that the DPA user is assigned to the correct role. +3. Ensure the role includes necessary ONTAPI and REST API permissions. +4. Verify both ONTAPI role and RESTAPI role configurations. + +**Documentation:** +[NetApp Role Permissions Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/permissions#create-role-on-netapp-clustered-data-ontap-8-or-ontap-9-and-enabling-ad-user-access) + +### Error 6181: Auditing Not Enabled + +**Error Description:** +Auditing is not enabled for the target system. + +**Cause:** +SVM audit is disabled. + +**Resolution:** +1. Enable audit on the SVM using: `vserver audit enable` +2. Verify audit configuration with: `vserver audit show -instance` +3. Ensure audit destination directory exists and is accessible. +4. Configure appropriate log file size limits (recommended: 300 MB). + +**Documentation:** +[Event Categories Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) + +### Error 6186: Event Log Files Deleted + +**Error Description:** +Event log files were deleted for server ``. Some changes could be lost. + +#### Scenario 1: Missing Log Files + +**Cause:** +Cannot find audit logs - logs were deleted. + +**Resolution:** +1. Check that log files are present in the SVM's log folder. +2. Verify log retention policies are properly configured. +3. Ensure sufficient disk space for log storage. +4. Review log rotation settings. + +#### Scenario 2: Wrong Log Path + +**Cause:** +The path to the log folder is wrong or has been changed. + +**Resolution:** +1. Verify the correct path to the SVM's log folder. +2. Update the audit destination if necessary: `vserver audit modify -destination ` +3. Ensure the destination directory exists and has proper permissions. + +**Documentation:** +[Event Categories Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) + +### Error 6127: Incorrectly Configured Auditing Entries + +**Error Description:** +The following objects have incorrectly configured auditing entries: `` + +**Cause:** +Autoaudit is disabled and the provided list of files/folders have insufficient SACLs (System Access Control Lists) or inheritance is disabled. + +**Resolution:** +1. Check and configure proper SACLs on affected objects. +2. Enable Autoaudit feature to automatically set SACLs. +3. Verify that audit inheritance is properly configured. +4. Review CIFS share audit settings. + +**Documentation:** +[CIFS Configuration and SACL Settings](/docs/auditor/10_8/configuration/fileservers/netappcmode/cifs) + +### Error 6129: Cannot Adjust Audit Settings + +**Error Description:** +Netwrix Auditor could not adjust audit settings. + +**Cause:** +The DPA (Data Processing Account) doesn't have rights to set or change SACLs. + +**Resolution:** +1. Verify DPA user permissions on audited objects. +2. Check that the DPA account has "Manage auditing and security log" privilege. +3. Ensure proper role assignment for the DPA user. +4. Test permissions on a small subset of objects first. + +## Additional Resources +For comprehensive configuration guides and detailed setup instructions, refer to the complete Netwrix Auditor documentation: +- [NetApp Clustered Data ONTAP Configuration Overview](/docs/auditor/10_8/configuration/fileservers/netappcmode/overview) +- [Permissions and Role Management](/docs/auditor/10_8/configuration/fileservers/netappcmode/permissions) +- [CIFS Configuration and Auditing](/docs/auditor/10_8/configuration/fileservers/netappcmode/cifs) +- [Event Categories and Audit Setup](docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) + +> **NOTE:** Ensure proper backup procedures are in place before making configuration changes. +> **NOTE:** Consider performance impacts when enabling detailed audit logging on high-traffic systems. +> **NOTE:** Regularly monitor HealthLog events to stay updated on significant occurrences. \ No newline at end of file From 8b7cf05b79460247d5b2a5ae75fe6c487a89ff38 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Mon, 1 Dec 2025 13:09:33 +0100 Subject: [PATCH 3/3] Change notes --- .../common-netapp-errors-and-resolutions.md | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/docs/kb/auditor/common-netapp-errors-and-resolutions.md b/docs/kb/auditor/common-netapp-errors-and-resolutions.md index 27a09824f8..b2a14e2b33 100644 --- a/docs/kb/auditor/common-netapp-errors-and-resolutions.md +++ b/docs/kb/auditor/common-netapp-errors-and-resolutions.md @@ -11,7 +11,7 @@ products: - auditor sidebar_label: NetApp Clustered Data ONTAP Error Resolution Guide title: NetApp Clustered Data ONTAP Error Resolution Guide -knowledge_article_id: +knowledge_article_id: --- # NetApp Clustered Data ONTAP Error Resolution Guide @@ -23,10 +23,10 @@ This knowledge base article provides a comprehensive guide to troubleshooting co ### Error 6104: Access Denied - Insufficient Privileges -**Error Description:** +**Error Description:** Unable to process item: Access is denied. Insufficient privileges: user `` does not have read/write access to this resource. -**Cause:** +**Cause:** The SVM (Storage Virtual Machine) role doesn't have sufficient rights to perform the required operations. **Resolution:** @@ -35,15 +35,15 @@ The SVM (Storage Virtual Machine) role doesn't have sufficient rights to perform 3. Ensure the role includes necessary ONTAPI and REST API permissions. 4. Verify both ONTAPI role and RESTAPI role configurations. -**Documentation:** +**Documentation:** [NetApp Role Permissions Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/permissions#create-role-on-netapp-clustered-data-ontap-8-or-ontap-9-and-enabling-ad-user-access) ### Error 6181: Auditing Not Enabled -**Error Description:** +**Error Description:** Auditing is not enabled for the target system. -**Cause:** +**Cause:** SVM audit is disabled. **Resolution:** @@ -52,17 +52,17 @@ SVM audit is disabled. 3. Ensure audit destination directory exists and is accessible. 4. Configure appropriate log file size limits (recommended: 300 MB). -**Documentation:** +**Documentation:** [Event Categories Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) ### Error 6186: Event Log Files Deleted -**Error Description:** +**Error Description:** Event log files were deleted for server ``. Some changes could be lost. #### Scenario 1: Missing Log Files -**Cause:** +**Cause:** Cannot find audit logs - logs were deleted. **Resolution:** @@ -73,7 +73,7 @@ Cannot find audit logs - logs were deleted. #### Scenario 2: Wrong Log Path -**Cause:** +**Cause:** The path to the log folder is wrong or has been changed. **Resolution:** @@ -81,15 +81,15 @@ The path to the log folder is wrong or has been changed. 2. Update the audit destination if necessary: `vserver audit modify -destination ` 3. Ensure the destination directory exists and has proper permissions. -**Documentation:** +**Documentation:** [Event Categories Configuration](/docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) ### Error 6127: Incorrectly Configured Auditing Entries -**Error Description:** +**Error Description:** The following objects have incorrectly configured auditing entries: `` -**Cause:** +**Cause:** Autoaudit is disabled and the provided list of files/folders have insufficient SACLs (System Access Control Lists) or inheritance is disabled. **Resolution:** @@ -98,15 +98,15 @@ Autoaudit is disabled and the provided list of files/folders have insufficient S 3. Verify that audit inheritance is properly configured. 4. Review CIFS share audit settings. -**Documentation:** +**Documentation:** [CIFS Configuration and SACL Settings](/docs/auditor/10_8/configuration/fileservers/netappcmode/cifs) ### Error 6129: Cannot Adjust Audit Settings -**Error Description:** +**Error Description:** Netwrix Auditor could not adjust audit settings. -**Cause:** +**Cause:** The DPA (Data Processing Account) doesn't have rights to set or change SACLs. **Resolution:** @@ -122,6 +122,7 @@ For comprehensive configuration guides and detailed setup instructions, refer to - [CIFS Configuration and Auditing](/docs/auditor/10_8/configuration/fileservers/netappcmode/cifs) - [Event Categories and Audit Setup](docs/auditor/10_8/configuration/fileservers/netappcmode/eventcategories) -> **NOTE:** Ensure proper backup procedures are in place before making configuration changes. -> **NOTE:** Consider performance impacts when enabling detailed audit logging on high-traffic systems. -> **NOTE:** Regularly monitor HealthLog events to stay updated on significant occurrences. \ No newline at end of file +## Important Notes +- Ensure proper backup procedures are in place before making configuration changes. +- Consider performance impacts when enabling detailed audit logging on high-traffic systems. +- Regularly monitor HealthLog events to stay updated on significant occurrences.