2011-02-24 03:22 PM
The best way to capture this audit log is by using a Log Management product like LogLogic. LogLogic appliances support collecting logs using file pulls (as well as receiving syslog and other "push" log data.)
With LogLogic, you can define a cifs share, and the LogLogic appliance can pull the log on a schedule. The LogLogic system can then analyze and parse the file for reporting. The configuration is done through a simple gui and is well documented in the LogLogic Administrator Guide. You can find more information on this at the LogLogic web site, http://www.loglogic.com
Message was edited by: jackl51047
2011-02-25 11:21 AM
Thank you so much for the information about LogLogic. I have reached out to them for more information and a possible call or web demo.
I have one more question.... Are you or anyone familiar with “TriGeo”? Have you heard anything about TriGeo in comparison to LogLogic?
Here is their website: http://www.trigeo.com/products/
2011-02-28 08:39 AM
we are actually currently implementing TriGeo and we're trying to find the best way to get the CIFS audit logs from the Netapp to TriGeo. Still examining this. But judging from this thread it looks like "push" is out of the question
Do you have any experience with TriGeo or is it something you're looking into?
2011-06-21 12:38 PM
We were able to get it set up using Trigeo, but the Trigeo tool for Netapp is still in beta, so Trigeo customers will need to request it.
We're currently only monitoring one folder on each filer and it has been tested by our Trigeo administrator and it works. We've only used it for about 6 weeks now though.