https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3558#M349 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>Can some one help us in CIFS Audit logs configuration?</P><P></P><P>1.Currently we have configured the logs in our NAS but this does not give us any audit details like Deletion/Modification/Accessed/Access&nbsp; Failures by User.</P><P>We are looking for a way to retrieve details which&nbsp; will give us these details and it is of utmost importance to us</P><DIV id=":113">2. The current .evt file is storing in the file, we are looking for a&nbsp; script which will automatically copy this file to a windows share before&nbsp; truncation<BR /> 3. We have integrated NAS with SCOM but we are not able to configure the&nbsp; alerts in file/Folder level where we intend to have an alert when&nbsp; unauthorized access of files/folders happen<BR /> 4. We have certain files in the NAS which cannot be deleted as they are&nbsp; already opened by another user, in reality it is not. Now we cannot kill&nbsp; the session as possible in windows.</DIV><DIV> </DIV><DIV>Please recommend if any thirdparty app can help in this regard.</DIV><DIV> </DIV><DIV> </DIV><DIV>Regards,</DIV><DIV> </DIV><DIV>Xzearik</DIV></BODY></HTML> Thu, 05 Jun 2025 07:04:36 GMT furqan_ghani 2025-06-05T07:04:36Z https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3558#M349 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P></P><P>Can some one help us in CIFS Audit logs configuration?</P><P></P><P>1.Currently we have configured the logs in our NAS but this does not give us any audit details like Deletion/Modification/Accessed/Access&nbsp; Failures by User.</P><P>We are looking for a way to retrieve details which&nbsp; will give us these details and it is of utmost importance to us</P><DIV id=":113">2. The current .evt file is storing in the file, we are looking for a&nbsp; script which will automatically copy this file to a windows share before&nbsp; truncation<BR /> 3. We have integrated NAS with SCOM but we are not able to configure the&nbsp; alerts in file/Folder level where we intend to have an alert when&nbsp; unauthorized access of files/folders happen<BR /> 4. We have certain files in the NAS which cannot be deleted as they are&nbsp; already opened by another user, in reality it is not. Now we cannot kill&nbsp; the session as possible in windows.</DIV><DIV> </DIV><DIV>Please recommend if any thirdparty app can help in this regard.</DIV><DIV> </DIV><DIV> </DIV><DIV>Regards,</DIV><DIV> </DIV><DIV>Xzearik</DIV></BODY></HTML> Thu, 05 Jun 2025 07:04:36 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3558#M349 furqan_ghani 2025-06-05T07:04:36Z https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3563#M350 <HTML><HEAD></HEAD><BODY><P>Xzearik -</P><P></P><P>For file access event auditing you need to configure 'options cifs.audit.file_access_events.enable on'.</P><P>You'll also need to set the system security ACLs on the files/folders that you wish to have auditing on.</P><P>This can be done with Storage-Level Access Guard security, or Windows Properties/Security, or by applying a GPO to propogate the SACLs down through a directory heirarchy.</P><P></P><P>The internal audit log file is stored as /etc/log/auditlog.alf. The .evt files can be saved off to another location with 'options cifs.audit.saveas &lt;fullpath&gt;'.</P><P>You can create a secure share for this path.</P><P></P><P>You can kill individual cifs sessions with 'cifs terminate'. See the man pages.</P><P><BR />I hope this response has been helpful to you.</P><P></P><P>At your service,</P><P></P><P><BR />Eugene E. Kashpureff<BR /><A class="jive-link-email-small" href="mailto:ekashp@kashpureff.org" target="_blank">ekashp@kashpureff.org</A><BR />Fastlane NetApp Instructor and Independent Consultant<BR /><A class="jive-link-external-small" href="http://www.fastlaneus.com/" target="_blank">http://www.fastlaneus.com/</A><SPAN> </SPAN><A class="jive-link-external-small" href="http://www.linkedin.com/in/eugenekashpureff" target="_blank">http://www.linkedin.com/in/eugenekashpureff</A></P><P></P><P>(P.S. I appreciate points for helpful or correct answers.)</P></BODY></HTML> Tue, 30 Nov 2010 21:57:17 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3563#M350 ekashpureff 2010-11-30T21:57:17Z https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3568#M351 <HTML><HEAD></HEAD><BODY><P>Hello everybody,</P><P></P><P> I'm searching any third application which generate audit reports for a CIFS resource in a Netapp using a domain controller.</P><P></P><P> Do you know any third party aplication who reads the evt file generated for audit Netapp service? Can I generate any report with acces audit integratred with Active Directory for a domain in Windows like system?</P><P> Another workaround is read I/O acces from NetApp API instead of EVT File.</P><P></P><P> Somebody can you help me?</P><P></P><P>Thanks in advance, best,</P><P>Marc Cortinas Val</P></BODY></HTML> Fri, 25 Mar 2011 00:02:31 GMT https://community.netapp.com/t5/Network-and-Storage-Protocols/CIFS-Auditing-Need-Help-and-Recommendations/m-p/3568#M351 mcortinas 2011-03-25T00:02:31Z