Applies to: Data source is a Windows computer or a NetApp filer where Analyze from source is selected
If your file system data source is a Windows computer or a NetApp filer, you can enable monitoring so that all users who accessed, modified, deleted, or renamed a file are captured. Modifying a file includes creating and changing a file.
Before using file monitoring, review the considerations for the Index Server and for the data sources.
NetApp Filer
-
If you use a NetApp c-mode filer, add an array with the necessary user credentials.
-
The Index Server that communicates with the NetApp filer must meet the following requirements:
-
The Index Server must be installed on a server that has a Windows operating system.
-
The Index Server must be installed in the same domain as the NetApp filer unless you use an access node.
-
The Index Server cannot be the proxy computer used in archiving for recalling stubs.
-
-
If you use an access node, the access node must be installed in the same domain as the NetApp filer and cannot be the proxy computer used in archiving for recalling stubs.
-
The following considerations apply when the file system data source is an NFS path:
-
You must expose the path as a CIFS so that it can be monitored.
-
The NFS protocol does not provide the user name, so the user name will not be available in Risk Analysis.
-
Version 3 of the NFS protocol (NFSv3) does not support the accessed and modified event types.
-
-
For rich text format (RTF) files, the NetApp filer does not support the create event type.
-
File operations performed on the Index Server itself are not monitored.
-
For NetApp c-mode filer, the content in the C$ share path will not be monitored even if the Source path (\\<filername>\C$ share) is specified when adding a file server data source.
Windows
-
The Index Server that communicates with the Windows data source has the following requirements:
-
The Index Server must be installed on a server that has Linux or Windows operating system.
-
The Index Server cannot be the proxy computer used in archiving for recalling stubs.
-
-
The Windows data source must have the file system agent installed. The file system agent monitors changes to the files.
Note
File monitoring might not capture the audit information for all the operations on a filer as the default size for an event log is 2 MB, and the system overwrites the log information thereafter. Commvault recommends increasing the size of the event log to avoid overwrites. For information on how to increase event log size, see "How to Change Event Viewer Settings" on the Microsoft documentation page.