cancel
Showing results for 
Search instead for 
Did you mean: 

Reason for policy deactivation

Ivan_Omar
Level 2

Hello.

 

We have found some policies deactivated in our Netbackup deployment. I would like to know if there is a place/log that we can check in order to identify the reason or date of the deactivation of such policies.

 

Best regards.

1 ACCEPTED SOLUTION

Accepted Solutions

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
Only if you have Auditing enabled. This will give you date and time but not the reason or the user. User will be logged if you have NBAC configured.

View solution in original post

6 REPLIES 6

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
Only if you have Auditing enabled. This will give you date and time but not the reason or the user. User will be logged if you have NBAC configured.

Nicolai
Moderator
Moderator
Partner    VIP   

Check for de-activated policies is something that should be carried out on a daily basic.

Its not un-common to de-activate policies if Netbackup server is being re-started. Admin could have forgot to enable them again - this is purely human.

Test policies should be named with a prefix/post-fixed to indicate this. e.g UNIX_FS_TEST

WVT
Level 4
Partner Accredited Certified
If you go to /usr/openv/netbackup/db/class directory or corresponding Windows directory ,you will see your policies listed as files .if you deactivate a policy, modify date will show it with ls -al ...and if you have date and time it may be possible to line up with OS log. Login from ip x.x.x.x on date/time.

Ivan_Omar
Level 2

The policies were activated now so I assume that the date of the files would be the one of the last activation. I think that the only possibility now would be have Audit enabled. So we can have a history of the activations/deactivations of the policies. Is this right? If so I would mark that answer as a solution.

I think that the restart of the Netbackup server will not be the issue since the problem was only with 3 policies, the other 10 policies were activated.

Thanks!

 

 

Systems_Team
Moderator
Moderator
   VIP   

Hi Ivan,

One other option is if you have Ops Center, there is an Alert Policy that will do just what you want.

It's the "Job Policy Change" alert (An alert is generated when one or more job policies change), and is listed under "Others" in the Alert Conditions.

I enable this as one of my default alerts, as I find it very useful.  I get an email when there is any change to a policy (change, add, delete, deactivate, etc).  It doesn't tell you who made the change, but it gives you the "what changed and when".

Hope that helps,

Steve

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
If memory serves me right, as from NBU 7.6 nbaudit should be enabled by default. I will look for commands when I have access to manuals a bit later. At least this will give you the 'when'. *** Edit *** nbauditreport. I found this post : https://www-secure.symantec.com/connect/forums/nbu-auditing-logs-root-user