由于可从进行并发访问,经常断开与 FPolicy 服务器的连接 两个不同的收集器
适用场景
- ONTAP 9
- 瓦隆斯
- FPolicy
问题描述
- 与 FPolicy 服务器的连接经常断开连接
- 事件日志中可能会显示以下错误消息:
[cluster-01: mgwd: mgmt.fpolicy.policy.disabled:info]: FPolicy policy Varonis is disabled on Vserver SVM.
[cluster-01: fpolicy: fpolicy.server.disconnect:error]: Connection to the FPolicy server "10.10.10.51" is broken ( reason: "FPolicy server is removed from external engine." ).
- ASUP 下的 audit-MLOG-TXT.GZ 将显示传入的 fpolicy disable/enable ONTAPI 请求 来自 2 个不同的服务器
[kern_audit:info:1840] 8503e80002f1f371 :: cluster-s1:ontapi :: 10.10.10.51:49623 :: SVM:DOMAIN\priv_user :: fpolicy-disable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f399 :: cluster-s1:ontapi :: 10.10.10.51:49626 :: SVM:DOMAIN\priv_user :: fpolicy-enable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f4bc :: cluster-s1:ontapi :: 10.11.12.91:54216 :: SVM:DOMAIN\priv_user :: fpolicy-disable-policy :: Success:
[kern_audit:info:1840] 8503e80002f1f4f8 :: cluster-s1:ontapi :: 10.11.11.91:54221 :: SVM:DOMAIN\priv_user :: fpolicy-enable-policy :: Success:
- 运行
vserver fpolicy show
背靠背命令可能会在状态列中显示不一致的结果