Subscribe

Auditing "change permissions"

Hi there.

 

I´m trying to accomidate a customer to set up auditing on their SMB vserver.

 

There are no problem activating it, and it writes to the log file.

But it´s not capturing the event the customer is after.

 

They want to see if anyone change permission on a folder.

Is that even possible?

 

As i understand it´s "4670: Permissions on an object were changed" that they need.

 

I have read tr-4189 and found the list of event IDs the controller is logging.
4670 is not avaialable... but 4663 is and it captures "Read/Write Object Get/Set Object attributes"

 

Should the "change permission" be available in that eventID, or is it impossible to audit folder permission changes on a NetApp vserver?

 

(Running cDOT 8.3.1)