Protecting your Veeam Data Platform Audit Logs is another way to keep your security-sensitive logs safe. Using NetApp ONTAP SnapLock Write Once Read Many (WORM) technology can protect you from bad actors attempting to delete your audit logs. Please make sure the NetApp ONTAP controller has a SnapLock license.

The first thing you have to do is create a NetApp FlexVol (volume). I logged into NetApp ONTAP System Manager and from the main menu navigated to “Storage=>Volumes=>+Add” to get to the volume screen below (Figure 1). I filled in the fields and clicked on “More Options” (Figure 2) to display more volume options.

If you enable the SnapLock option for the first time, you will be instructed to “Initialize the SnapLock compliance clock”, which is required (Figure 3). Click on “Enable SnapLock”, select type “Compliance”, and set whatever retention period is needed for your company's compliance standards for audit logs.

*** Caution: if you select 14 years, you will not be able to delete the contents for 14 years. Please test on a NetApp ONTAP Simulator if you need hands-on practice 😁 ***

The “Compliance” type is strict, whereas type “Enterprise” allows a trusted administrator to modify contents on this volume (Figure 4). Remember to click “Save” when you are done with your volume options.

Since I clicked on “Shared via SMB/CIFS” (Figure 2), you should have an SMB share, which we will add as the new storage location in the Veeam Data Platform “Audit logs location” setting (Figure 5) below.

I created a NAS backup job, then I performed a “File and Folders” restore from the NAS backup file. This will create some audit log files in the shared location identified in Figure 2. I attempted to delete the existing audit log files from the share (Figure 6) and it failed. I also attempted a “Files and Folder” restore and it also failed (Figure 7).

Since Lenovo ThinkSystem Storage is also powered by ONTAP, you can perform this on ThinkSystem Storage Manager for DM Series.

For more information on NetApp ONTAP SnapLock, Veeam Audit Logs, NetApp ONTAP System Manager and Lenovo ThinkServer Storage Manager, see the documentation links below 😀.
Veeam Documentation - Audit Logs Location
What SnapLock is
Administration overview with System Manager
Understanding ThinkSystem Storage Manager for DM Series