2014-07-25 02:38 AM
We use CIFS and NFS audit function (using SLAG) to collect file access events (read,write, delete...). We used this procedure : https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-06C74280-7DC2-4DC9-AEDB-57E83AEAABBE.html
It works well for CIFS file access, but for NFS file access, the IP adress shown in audit logs is invalid : source IP appears as 18.104.22.168 :
We made several tests (on different filers and qtrees) and each time the issue is the same : an invalid IP address wich is not exploitable
Any suggestions to solve this issue ?
Thx for your help