Subscribe

Native DOT options to enable NTFS share-level auditing of users

Is there an option setting, session command switch or performance metric to measure CIFS share session usage on a per-user basis, for the purpose of setting specific user access levels?

Re: Native DOT options to enable NTFS share-level auditing of users

Are you trying to audit the file access, monitor disk space usage, or bandwidth ?

All three can be done with Data ONTAP.

To file access see the 'cifs.audit' family of option settings, and the 'cifs audit' command.

For disk space usage see the 'quota' command and the /etc/quotas configuration file.

To monitor bandwidth usage see the 'cifs top' command with 'options cifs.per_client_stats.enable'.

Be aware that this can be a performance hit - you don't want to leave cifs.per_client_stats.enable turned on.


I hope this response has been helpful to you.


At your service,

Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff


(P.S. I appreciate points for helpful or correct answers.)



Re: Native DOT options to enable NTFS share-level auditing of users

actually,  I'm wondering if cifs auditing can basically produce the output of,  or something close to:

          "cifs conections *  ":

... in a running logfile?

I guess I could always run an rsh script

froma unix box to run several times an hour for a few days to see what users are connecting to my

cifs   but i was just wondering if the cifs auditing features could capture this same information?

thanks.

Re: Native DOT options to enable NTFS share-level auditing of users

Paul -

Yes, you can get audit records of clients connecting to shares.

See cifs.audit.logon_events.enable and the definitions of the other cifs.audit option settings.


I hope this response has been helpful to you.


At your service,

Eugene E. Kashpureff
ekashp@kashpureff.org
Senior Systems Architect / NetApp Certified Instructor
http://www.linkedin.com/in/eugenekashpureff


(P.S. I appreciate points for helpful or correct answers.)


Re: Native DOT options to enable NTFS share-level auditing of users

had a typo in my last message. that should have read:

     cifs sessions *

wondering if the auditing options is capable of producing the same output as "cifs sessions *"

Re: Native DOT options to enable NTFS share-level auditing of users

it looks like cifs.audit.login_events.enable and 'cifs top' don't tell you what cifs share they are hitting.  it tells you the IP address of the client and the domain\username of the client, reads/writes, etc - but share name is not listed.