topic netapp increase security log in General Discussion https://community.netapp.com/t5/General-Discussion/netapp-increase-security-log/m-p/149073#M499 <P>Hello team!</P> <P>I turned on the cifs.audit.liveview.enable feature so that NetApp logs were written to security log so that later my SIEM could take them. But NetApp creates a large number of adtlog.YEAR_MONTH_DAY_NUMBER.evt files with a volume not exceeding 1000kb. This is very bad for handling such logs. Is it possible for NetApp to insist on log files exceeding 1000 kb with the cifs.audit.liveview.enable feature enabled?</P> <P>Here are my settings:</P> <P>&nbsp;</P> <P>&gt; options cifs.audit</P> <P>cifs.audit.account_mgmt_events.enable on</P> <P>cifs.audit.autosave.file.extension timestamp</P> <P>cifs.audit.autosave.file.extension.nanosecond_precision off</P> <P>cifs.audit.autosave.file.limit 999</P> <P>cifs.audit.autosave.onsize.enable on</P> <P>cifs.audit.autosave.onsize.threshold 99%</P> <P>cifs.audit.autosave.ontime.enable on</P> <P>cifs.audit.autosave.ontime.interval 5h</P> <P>cifs.audit.enable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; on</P> <P>cifs.audit.file_access_events.enable on</P> <P>cifs.audit.liveview.allowed_users</P> <P>cifs.audit.liveview.enable&nbsp;&nbsp; on</P> <P>cifs.audit.logon_events.enable on</P> <P>cifs.audit.logsize&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 104857600</P> <P>cifs.audit.nfs.enable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off</P> <P>cifs.audit.nfs.filter.filename</P> <P>cifs.audit.saveas&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /etc/log/audit/adtlog.evt</P> Wed, 04 Jun 2025 12:27:13 GMT ANANEVVYAC 2025-06-04T12:27:13Z netapp increase security log https://community.netapp.com/t5/General-Discussion/netapp-increase-security-log/m-p/149073#M499 <P>Hello team!</P> <P>I turned on the cifs.audit.liveview.enable feature so that NetApp logs were written to security log so that later my SIEM could take them. But NetApp creates a large number of adtlog.YEAR_MONTH_DAY_NUMBER.evt files with a volume not exceeding 1000kb. This is very bad for handling such logs. Is it possible for NetApp to insist on log files exceeding 1000 kb with the cifs.audit.liveview.enable feature enabled?</P> <P>Here are my settings:</P> <P>&nbsp;</P> <P>&gt; options cifs.audit</P> <P>cifs.audit.account_mgmt_events.enable on</P> <P>cifs.audit.autosave.file.extension timestamp</P> <P>cifs.audit.autosave.file.extension.nanosecond_precision off</P> <P>cifs.audit.autosave.file.limit 999</P> <P>cifs.audit.autosave.onsize.enable on</P> <P>cifs.audit.autosave.onsize.threshold 99%</P> <P>cifs.audit.autosave.ontime.enable on</P> <P>cifs.audit.autosave.ontime.interval 5h</P> <P>cifs.audit.enable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; on</P> <P>cifs.audit.file_access_events.enable on</P> <P>cifs.audit.liveview.allowed_users</P> <P>cifs.audit.liveview.enable&nbsp;&nbsp; on</P> <P>cifs.audit.logon_events.enable on</P> <P>cifs.audit.logsize&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 104857600</P> <P>cifs.audit.nfs.enable&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; off</P> <P>cifs.audit.nfs.filter.filename</P> <P>cifs.audit.saveas&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; /etc/log/audit/adtlog.evt</P> Wed, 04 Jun 2025 12:27:13 GMT https://community.netapp.com/t5/General-Discussion/netapp-increase-security-log/m-p/149073#M499 ANANEVVYAC 2025-06-04T12:27:13Z