Network and Storage Protocols

CIFS Auditing

Foxtrot1986
4,556 Views

DOT 8.1.4 

I configured CIFS Auditing...and made the cifs.audit.saveas option to another volume then the default vol0.

cifs auditing is working fine. Logs are being sent to that partiicular volume (CIFS Share). but in /etc/messages i am getting an WARNING message..

ALF I/O warning for file /etc/log/cifsaudit.alf: the audit log is empty.

 

i have space in that volume on which audit logs are being saved. but cudnt get why i am receiving this msg.

Need help

Regards

2 REPLIES 2

JSHACHER11
4,525 Views

"This will occur if the autosave is based on a timer value AND no auditing events occur during that time interval"

 

there is a bug report that describes this issue

MBB
4,456 Views

Hey Foxtrot... we have a great audit and reporting tool. It is a lot easier to set up and it works. It is pretty cheap and grabs more info than anything we've seen so far. Take a look at the tools at Arxscan.

Public