Displaying security trace results

You can display the security trace results generated for file operations that match security trace filters. You can use the results to validate your file access security configuration or to troubleshoot SMB and NFS file access issues.

An enabled security trace filter must exist and operations must have been performed from an SMB or NFS client that matches the security trace filter to generate security trace results.

You can display a summary of all security trace results, or you can customize what information is displayed in the output by specifying optional parameters. This can be helpful when the security trace results contain a large number of records.

If you do not specify any of the optional parameters, the following is displayed:

storage virtual machine (SVM) name
Node name
Security trace index number
Security style
Path
Reason
User name
The user name displayed depends on how the trace filter is configured:
If the filter is configured... Then...
With a Windows user name The security trace result displays the Windows user name.
Without a user name The security trace result displays the Windows user name.

If the filter is configured...	Then...
With a Windows user name	The security trace result displays the Windows user name.
Without a user name	The security trace result displays the Windows user name.

You can customize the output by using optional parameters. Some of the optional parameters that you can use to narrow the results returned in the command output include the following:

Optional parameter	Description
-fields `field_name`, ...	Displays output on the fields you choose. You can use this parameter either alone or in combination with other optional parameters.
-instance	Displays detailed information about security trace events. Use this parameter with other optional parameters to display detailed information about specific filter results.
-node `node_name`	Displays information only about events on the specified node.
-vserver `vserver_name`	Displays information only about events on the specified SVM.
-index `integer`	Displays information about the events that occurred as a result of the filter corresponding to the specified index number.
-client-ip `IP_address`	Displays information about the events that occurred as a result of file access from the specified client IP address.
-path `path`	Displays information about the events that occurred as a result of file access to the specified path.
-user-name `user_name`	Displays information about the events that occurred as a result of file access by the specified Windows user.
-security-style `security_style`	Displays information about the events that occurred on file systems with the specified security style.

See the man page for information about other optional parameters that you can use with the command.

Display security trace filter results by using the vserver security trace trace-result show command.

vserver security trace trace-result show -user-name domain\user

Vserver: vs1

     Node     Index   Filter Details          Reason
     -------- ------- ---------------------   -----------------------------
     node1    3       User:domain\user        Access denied by explicit ACE
                      Security Style:mixed
                      Path:/dir1/dir2/

Give documentation feedback