CIFS Audit Log

Can we forward CIFS audit log to syslog server or any other tools to collect

the CIFS audit log on filer?



Re: CIFS Audit Log

Hi Jeff,

You could use our partner software like Loglogic, NTP etc for that purpose. The native logging doesn't allow to move the logs to a syslog server.


Re: CIFS Audit Log

More info on the LogLogic Open Log Platform, can be found at


Re: CIFS Audit Log


What did you end up using to forward CIFS Audit Logs??  Did you use the "LogLogic Open Log Platform" as recommended below?



Re: CIFS Audit Log

The best way to capture this audit log is by using a Log Management product like LogLogic.  LogLogic appliances support collecting logs using file pulls (as well as receiving syslog and other "push" log data.)

With LogLogic, you can define a cifs share, and the LogLogic appliance can pull the log on a schedule. The LogLogic system can then analyze and parse the file for reporting. The configuration is done through a simple gui and is well documented in the LogLogic Administrator Guide.  You can find more information on this at the LogLogic web site,

Message was edited by: jackl51047

Re: CIFS Audit Log

Thank you so much for the information about LogLogic.  I have reached out to them for more information and a possible call or web demo.

I have one more question....  Are you or anyone familiar with “TriGeo”?  Have you heard anything about TriGeo in comparison to LogLogic?

Here is their website:

Thanks again!


Re: CIFS Audit Log


we are actually currently implementing TriGeo and we're trying to find the best way to get the CIFS audit logs from the Netapp to TriGeo. Still examining this. But judging from this thread it looks like "push" is out of the question

Do you have any experience with TriGeo or is it something you're looking into?

Re: CIFS Audit Log

I do not have any experience with TriGeo or LogLogic.  I am asking for feedback from anyone that may have experience with either product getting CIFS logs from the filer.

Re: CIFS Audit Log

Any more feedback on CIFS Auditing to a syslog appliance?  Has anyone been successful?

Re: CIFS Audit Log

We were able to get it set up using Trigeo, but the Trigeo tool for Netapp is still in beta, so Trigeo customers will need to request it.

We're currently only monitoring one folder on each filer and it has been tested by our Trigeo administrator and it works. We've only used it for about 6 weeks now though.