I configured CIFS auditing... and set the cifs.audit.saveas option to another volume than the default vol0.
CIFS auditing is working fine. Logs are being sent to that particular volume (CIFS share), but in /etc/messages I am getting a WARNING message:
ALF I/O warning for file /etc/log/cifsaudit.alf: the audit log is empty.
I have space in that volume on which audit logs are being saved, but couldn't get why I am receiving this message.
Hey Foxtrot... we have a great audit and reporting tool. It is a lot easier to set up and it works. It is pretty cheap and grabs more info than anything we've seen so far. Take a look at the tools at Arxscan.