09-24-2010 07:44 AM
Hello,
I'm using Netbackup 6.5.5 (enterprise edition) under Windows 2003 x32 SP2. I wonder if there is a way to trace a user doing a restore ? If yes, do I have to enable logging and for whitch process (bpkar, bprestore). The best would be to have a "centralised" way to catch it (on the master server)
Thank you for your help !!
Paolo
Solved! Go to Solution.
09-24-2010 07:53 AM
From the release notes:
"...
Audit Trails Phase 1 - Track policy changes and restore jobs. Will be CLI only for this release. Subsequent NetBackup release will leverage the OpsCenter interface.
Customer Benefit: Better understand who changed what policies and when. Also details who executed which restore jobs and what did they restore. When troubleshooting backup jobs - helps answer the question "what has changed"?
..."
09-24-2010 07:53 AM
From the release notes:
"...
Audit Trails Phase 1 - Track policy changes and restore jobs. Will be CLI only for this release. Subsequent NetBackup release will leverage the OpsCenter interface.
Customer Benefit: Better understand who changed what policies and when. Also details who executed which restore jobs and what did they restore. When troubleshooting backup jobs - helps answer the question "what has changed"?
..."
09-24-2010 07:58 AM
It's very difficult to trace this kind of action in NB 6.x. You can deploy NetBackup Access Control which allow or dissallow users to perform restores.
http://www.symantec.com/business/support/index?page=content&id=TECH52825
09-24-2010 11:53 AM
In order to determine which specific user has made changes, NetBackup Access Control must be implemented. If access control is not implemented, all audited operations will appear to be carried out by the administrator.
09-27-2010 02:04 AM
Ok, it seams I have no "easy" solutions unless I migrate to version 7 !
Thank you all for you answers !!
Paolo
09-27-2010 03:10 AM
Problem currently (pre-7.0.1) is that the real user name is not logged. All restore requests are sent to bprd on the master server, but since the user is a Local Administrator, bprd is logging the user/owner as 'root' - even on Windows master!
Extract from bprd on a Windows Master (6.x):
09:03:12 [2952.1260] <4> fileslist: owner = root
09:03:12 [2952.1260] <4> fileslist: group = root
09:03:12 [2952.1260] <4> fileslist: client = fp01
09:03:12 [2952.1260] <4> fileslist: sched_type = 12
10:26:33 [684.2440] <2> restorefiles: browse_client = fp01
10:26:33 [684.2440] <2> restorefiles: requesting_client = win-master
10:26:33 [684.2440] <2> restorefiles: destination_client = fp01
10:26:33 [684.2440] <2> restorefiles: requesting_client_hostname = win-master
10:26:33 [684.2440] <2> restorefiles: destination_client_hostname = fp01
10:26:33 [684.2440] <2> restorefiles: requesting_user = root
10:26:33 [684.2440] <2> restorefiles: requesting_group = root
No difference on a 7.0 Windows master:
00:30:02.215 [4824.6664] <2> fileslist: owner = root
00:30:02.215 [4824.6664] <2> fileslist: group = root
00:30:02.215 [4824.6664] <2> fileslist: client = fpserver
00:30:02.215 [4824.6664] <2> fileslist: sched_type = 12
00:30:02.215 [4824.6664] <2> fileslist: starttime = 1283506090
00:30:02.215 [4824.6664] <2> fileslist: endtime = 1283506090
09:02:47.448 [5920.6016] <2> restorefiles: browse_client = fpserver
09:02:47.448 [5920.6016] <2> restorefiles: requesting_client = win-master
09:02:47.448 [5920.6016] <2> restorefiles: destination_client = fp20
09:02:47.448 [5920.6016] <2> restorefiles: requesting_client_hostname = win-master
09:02:47.448 [5920.6016] <2> restorefiles: destination_client_hostname = fp20
09:02:47.448 [5920.6016] <2> restorefiles: requesting_user = root
09:02:47.448 [5920.6016] <2> restorefiles: requesting_group = root