https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31873#M2900 <HTML><HEAD></HEAD><BODY><P>had a typo in my last message. that should have read:</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; cifs sessions *</P><P></P><P>wondering if the auditing options is capable of producing the same output as "cifs sessions *"</P></BODY></HTML> Mon, 07 Feb 2011 23:05:12 GMT paulcummings 2011-02-07T23:05:12Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31853#M2896 <HTML><HEAD></HEAD><BODY><P> Is there an option setting, session command switch or performance metric to measure CIFS share session usage on a per-user basis, for the purpose of setting specific user access levels?</P></BODY></HTML> Thu, 05 Jun 2025 07:00:50 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31853#M2896 aachleman5 2025-06-05T07:00:50Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31858#M2897 <HTML><HEAD></HEAD><BODY><P>Are you trying to audit the file access, monitor disk space usage, or bandwidth ?</P><P></P><P>All three can be done with Data ONTAP.</P><P></P><P>To file access see the 'cifs.audit' family of option settings, and the 'cifs audit' command.</P><P></P><P>For disk space usage see the 'quota' command and the /etc/quotas configuration file.</P><P></P><P>To monitor bandwidth usage see the 'cifs top' command with 'options <STRONG>cifs.per_client_stats.enable'.</STRONG></P><P>Be aware that this can be a performance hit - you don't want to leave cifs.per_client_stats.enable turned on.</P><P></P><P><BR />I hope this response has been helpful to you.</P><P></P><P> <BR />At your service,</P><P></P><P></P><P></P><P>Eugene E. Kashpureff<BR /><A class="jive-link-email-small" href="mailto:ekashp@kashpureff.org" target="_blank">ekashp@kashpureff.org</A><BR />Senior Systems Architect / NetApp Certified Instructor<BR /><A class="jive-link-external-small" href="http://www.linkedin.com/in/eugenekashpureff" target="_blank">http://www.linkedin.com/in/eugenekashpureff</A></P><P></P><P> <BR />(P.S. I appreciate points for helpful or correct answers.)</P><P></P><P><BR /></P><P><STRONG><BR /></STRONG></P></BODY></HTML> Wed, 02 Feb 2011 19:28:02 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31858#M2897 ekashpureff 2011-02-02T19:28:02Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31863#M2898 <HTML><HEAD></HEAD><BODY><P> actually,&nbsp; I'm wondering if cifs auditing can basically produce the output of,&nbsp; or something close to:</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; "cifs conections *&nbsp; ":</P><P></P><P>... in a running logfile?</P><P></P><P>I guess I could always run an rsh script</P><P>froma unix box to run several times an hour for a few days to see what users are connecting to my</P><P>cifs&nbsp;&nbsp; but i was just wondering if the cifs auditing features could capture this same information?</P><P></P><P>thanks.</P></BODY></HTML> Fri, 04 Feb 2011 02:26:44 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31863#M2898 paulcummings 2011-02-04T02:26:44Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31868#M2899 <HTML><HEAD></HEAD><BODY><P>Paul -</P><P></P><P>Yes, you can get audit records of clients connecting to shares.</P><P></P><P>See <STRONG>cifs.audit.logon_events.enable</STRONG> and the definitions of the other cifs.audit option settings.</P><P></P><P><BR />I hope this response has been helpful to you.</P><P></P><P> <BR />At your service,</P><P></P><P></P><P></P><P>Eugene E. Kashpureff<BR /><A class="jive-link-email-small" href="mailto:ekashp@kashpureff.org" target="_blank">ekashp@kashpureff.org</A><BR />Senior Systems Architect / NetApp Certified Instructor<BR /><A class="jive-link-external-small" href="http://www.linkedin.com/in/eugenekashpureff" target="_blank">http://www.linkedin.com/in/eugenekashpureff</A></P><P></P><P> <BR />(P.S. I appreciate points for helpful or correct answers.)</P><P></P><P><STRONG><BR /></STRONG></P></BODY></HTML> Fri, 04 Feb 2011 18:27:49 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31868#M2899 ekashpureff 2011-02-04T18:27:49Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31873#M2900 <HTML><HEAD></HEAD><BODY><P>had a typo in my last message. that should have read:</P><P></P><P>&nbsp;&nbsp;&nbsp;&nbsp; cifs sessions *</P><P></P><P>wondering if the auditing options is capable of producing the same output as "cifs sessions *"</P></BODY></HTML> Mon, 07 Feb 2011 23:05:12 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31873#M2900 paulcummings 2011-02-07T23:05:12Z https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31877#M2901 <HTML><HEAD></HEAD><BODY><P> it looks like cifs.audit.login_events.enable and 'cifs top' don't tell you what cifs share they are hitting.&nbsp; it tells you the IP address of the client and the domain\username of the client, reads/writes, etc - but share name is not listed.</P></BODY></HTML> Mon, 07 Feb 2011 23:16:12 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/Native-DOT-options-to-enable-NTFS-share-level-auditing-of-users/m-p/31877#M2901 paulcummings 2011-02-07T23:16:12Z