2010-11-30 12:42 PM
Can some one help us in CIFS Audit logs configuration?
1.Currently we have configured the logs in our NAS but this does not give us any audit details like Deletion/Modification/Accessed/Access Failures by User.
We are looking for a way to retrieve details which will give us these details and it is of utmost importance to us
2010-11-30 01:57 PM
For file access event auditing you need to configure 'options cifs.audit.file_access_events.enable on'.
You'll also need to set the system security ACLs on the files/folders that you wish to have auditing on.
This can be done with Storage-Level Access Guard security, or Windows Properties/Security, or by applying a GPO to propogate the SACLs down through a directory heirarchy.
The internal audit log file is stored as /etc/log/auditlog.alf. The .evt files can be saved off to another location with 'options cifs.audit.saveas <fullpath>'.
You can create a secure share for this path.
You can kill individual cifs sessions with 'cifs terminate'. See the man pages.
I hope this response has been helpful to you.
At your service,
(P.S. I appreciate points for helpful or correct answers.)
2011-03-24 05:02 PM
I'm searching any third application which generate audit reports for a CIFS resource in a Netapp using a domain controller.
Do you know any third party aplication who reads the evt file generated for audit Netapp service? Can I generate any report with acces audit integratred with Active Directory for a domain in Windows like system?
Another workaround is read I/O acces from NetApp API instead of EVT File.
Somebody can you help me?
Thanks in advance, best,
Marc Cortinas Val