Hello team!
I turned on the cifs.audit.liveview.enable feature so that NetApp logs are written to the security log and my SIEM can collect them later. But NetApp creates a large number of adtlog.YEAR_MONTH_DAY_NUMBER.evt files, each with a size not exceeding 1000 kb. This is very bad for handling such logs. Is it possible to make NetApp create log files exceeding 1000 kb with the cifs.audit.liveview.enable feature enabled?
Here are my settings:
> options cifs.audit
cifs.audit.account_mgmt_events.enable on
cifs.audit.autosave.file.extension timestamp
cifs.audit.autosave.file.extension.nanosecond_precision off
cifs.audit.autosave.file.limit 999
cifs.audit.autosave.onsize.enable on
cifs.audit.autosave.onsize.threshold 99%
cifs.audit.autosave.ontime.enable on
cifs.audit.autosave.ontime.interval 5h
cifs.audit.enable on
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable on
cifs.audit.logon_events.enable on
cifs.audit.logsize 104857600
cifs.audit.nfs.enable off
cifs.audit.nfs.filter.filename
cifs.audit.saveas /etc/log/audit/adtlog.evt