2016-10-28 06:28 AM
I´m trying to accomidate a customer to set up auditing on their SMB vserver.
There are no problem activating it, and it writes to the log file.
But it´s not capturing the event the customer is after.
They want to see if anyone change permission on a folder.
Is that even possible?
As i understand it´s "4670: Permissions on an object were changed" that they need.
I have read tr-4189 and found the list of event IDs the controller is logging.
4670 is not avaialable... but 4663 is and it captures "Read/Write Object Get/Set Object attributes"
Should the "change permission" be available in that eventID, or is it impossible to audit folder permission changes on a NetApp vserver?
(Running cDOT 8.3.1)