Subscribe

CIFS Auditing

[ Edited ]

DOT 8.1.4 

I configured CIFS Auditing...and made the cifs.audit.saveas option to another volume then the default vol0.

cifs auditing is working fine. Logs are being sent to that partiicular volume (CIFS Share). but in /etc/messages i am getting an WARNING message..

ALF I/O warning for file /etc/log/cifsaudit.alf: the audit log is empty.

 

i have space in that volume on which audit logs are being saved. but cudnt get why i am receiving this msg.

Need help

Regards

Re: CIFS Auditing

"This will occur if the autosave is based on a timer value AND no auditing events occur during that time interval"

 

there is a bug report that describes this issue

Re: CIFS Auditing

Hey Foxtrot... we have a great audit and reporting tool. It is a lot easier to set up and it works. It is pretty cheap and grabs more info than anything we've seen so far. Take a look at the tools at Arxscan.