Sorry, I can't help feeling I should know this, but I just can't find what I'm looking for. We have a number of vfilers providing CIFS file sharing. We have a team of 1st line support people who have rights to create, remove and modify shares via the Windows MMC. I'd like to be able to keep a log of these changes, but I can't seem to find out how/where to do this. I've turned on CIFS audit logging, but only seem to see login/logout events. I've turned on the option cifs.audit.account_mgmt_events.enable, but it doesn't seem to have changed what is logged in the event logs.