Table of ContentsView in Frames

Planning the FPolicy event configuration

Before you configure FPolicy events, you must understand what it means to create an FPolicy event. You must determine which protocols you want the event to monitor, which events to monitor, and which event filters to use. This information helps you plan the values that you want to set.

What it means to create an FPolicy event

Creating the FPolicy event means defining information that the FPolicy process needs to determine what file access operations to monitor and for which of the monitored events notifications should be sent to the external FPolicy server. The FPolicy event configuration defines the following configuration information:

Note: There is a dependency with three of the parameters (-protocol, -file-operations, -filters). The following are the valid combinations for the three parameters:
  • You can specify the -protocol and -file-operations parameters.
  • You can specify all three of the parameters.
  • You can specify none of the parameters.

What the FPolicy event configuration contains

You can use the following list of available FPolicy event configuration parameters to help you plan your configuration:

Type of information Option
SVM

Specifies the SVM name that you want to associate with this FPolicy event.

Each FPolicy configuration is defined within a single SVM. The external engine, policy event, policy scope, and policy that combine together to create an FPolicy policy configuration must all be associated with the same SVM.

-vserver vserver_name
Event name

Specifies the name to assign to the FPolicy event. When you create the FPolicy policy you associate the FPolicy event with the policy using the event name.

The name can be up to 256 characters long.

Note: The name can be up to 200 characters long if configuring the event in a MetroCluster configuration.

The name can contain any combination of the following ASCII-range characters:

  • a through z
  • A through Z
  • 0 through 9
  • "_", "-", and "."
-event-name event_name
Protocol

Specifies which protocol to configure for the FPolicy event. The list for -protocol can include one of the following values:

  • cifs
  • nfsv3
  • nfsv4
Note: If you specify -protocol, then you must specify a valid value in the -file-operations parameter. As the protocol version changes, the valid values might change.
-protocol protocol
File operations

Specifies the list of file operations for the FPolicy event.

The event checks the operations specified in this list from all client requests using the protocol specified in the -protocol parameter. You can list one or more file operations by using a comma-delimited list. The list for -file-operations can include one or more of the following values:

  • close for file close operations
  • create for file create operations
  • create-dir for directory create operations
  • delete for file delete operations
  • delete_dir for directory delete operations
  • getattr for get attribute operations
  • link for link operations
  • lookup for lookup operations
  • open for file open operations
  • read for file read operations
  • write for file write operations
  • rename for file rename operations
  • rename_dir for directory rename operations
  • setattr for set attribute operations
  • symlink for symbolic link operations
Note: If you specify-file-operations, then you must specify a valid protocol in the -protocol parameter.
-file-operations file_operations,...
Filters

Specifies the list of filters for a given file operation for the specified protocol. The values in the -filters parameter are used to filter client requests. The list can include one or more of the following:

  • monitor-ads to filter the client request for alternate data stream
  • close-with-modification to filter the client request for close with modification
  • close-without-modification to filter the client request for close without modification
  • first-read to filter the client request for first read
  • first-write to filter the client request for first write
  • offline-bit to filter the client request for offline bit set

    Setting this filter results in the FPolicy server receiving notification only when offline files are accessed.

  • open-with-delete-intent to filter the client request for open with delete intent

    Setting this filter results in the FPolicy server receiving notification only when an attempt is made to open a file with the intent to delete it. This is used by file systems when the FILE_DELETE_ON_CLOSE flag is specified.

  • open-with-write-intent to filter client request for open with write intent

    Setting this filter results in the FPolicy server receiving notification only when an attempt is made to open a file with the intent to write something in it.

  • write-with-size-change to filter the client request for write with size change
Note: If you specify the -filters parameter, then you must also specify valid values for the -file-operations and -protocol parameters.
-filters filter, ...
Is volume operation required

Specifies whether monitoring is required for volume mount and unmount operations. The default is false.

-volume-operation {true|false}