Forum Discussion

Ivan_Omar's avatar
Ivan_Omar
Level 2
9 years ago

Reason for policy deactivation

Hello.

 

We have found some policies deactivated in our Netbackup deployment. I would like to know if there is a place/log that we can check in order to identify the reason or date of the deactivation of such policies.

 

Best regards.

  • Only if you have Auditing enabled. This will give you date and time but not the reason or the user. User will be logged if you have NBAC configured.
  • Only if you have Auditing enabled. This will give you date and time but not the reason or the user. User will be logged if you have NBAC configured.
  • Check for de-activated policies is something that should be carried out on a daily basic.

    Its not un-common to de-activate policies if Netbackup server is being re-started. Admin could have forgot to enable them again - this is purely human.

    Test policies should be named with a prefix/post-fixed to indicate this. e.g UNIX_FS_TEST

  • If you go to /usr/openv/netbackup/db/class directory or corresponding Windows directory ,you will see your policies listed as files .if you deactivate a policy, modify date will show it with ls -al ...and if you have date and time it may be possible to line up with OS log. Login from ip x.x.x.x on date/time.
  • The policies were activated now so I assume that the date of the files would be the one of the last activation. I think that the only possibility now would be have Audit enabled. So we can have a history of the activations/deactivations of the policies. Is this right? If so I would mark that answer as a solution.

    I think that the restart of the Netbackup server will not be the issue since the problem was only with 3 policies, the other 10 policies were activated.

    Thanks!

     

     

  • Hi Ivan,

    One other option is if you have Ops Center, there is an Alert Policy that will do just what you want.

    It's the "Job Policy Change" alert (An alert is generated when one or more job policies change), and is listed under "Others" in the Alert Conditions.

    I enable this as one of my default alerts, as I find it very useful.  I get an email when there is any change to a policy (change, add, delete, deactivate, etc).  It doesn't tell you who made the change, but it gives you the "what changed and when".

    Hope that helps,

    Steve

  • If memory serves me right, as from NBU 7.6 nbaudit should be enabled by default. I will look for commands when I have access to manuals a bit later. At least this will give you the 'when'. *** Edit *** nbauditreport. I found this post : https://www-secure.symantec.com/connect/forums/nbu-auditing-logs-root-user