Data ONTAP can log NDMP connection attempts in the /etc/messages file. These entries enable an administrator to determine whether and when authorized or unauthorized individuals are attempting to start NDMP sessions. The default value is off.
Steps
- Start a console session on the storage system on which you want to enable or disable NDMP connection monitoring.
- Enter the following command:
options ndmpd.connectlog.enabled {on|off} Note: The value you set for this option will persist across storage system reboots.
- If you want to check attempted NDMP connection activity, use your UNIX or Windows Admin host to view your storage system’s /etc/messages file.
Entries recording attempted NDMP connections or operations will display the following fields:
- Time
- Thread
- NDMP request and action (allow or refuse)
- NDMP version
- Session ID
- Source IPv4 or IPv6 address (address from where the NDMP request originated)
- Destination IPv4 or IPv6 address (address of the storage system receiving the NDMP request)
- Source port (through which the NDMP request was transmitted)
- Storage system port (through which the NDMP request was received)
Example
Thu Apr 15 09:27:00 GMT Apr 15 09:27:00 [host1:ndmp.connection.accept:info]: ndmpd.access allowed for version = 4, sessionId = 2922, from src ip = 192.0.2.68, dst ip = 192.0.2.100, src port = 41855, dst port = 10000
