Network and Storage Protocols
I configured CIFS Auditing...and made the cifs.audit.saveas option to another volume then the default vol0.
cifs auditing is working fine. Logs are being sent to that partiicular volume (CIFS Share). but in /etc/messages i am getting an WARNING message..
ALF I/O warning for file /etc/log/cifsaudit.alf: the audit log is empty.
i have space in that volume on which audit logs are being saved. but cudnt get why i am receiving this msg.
"This will occur if the autosave is based on a timer value AND no auditing events occur during that time interval"
there is a bug report that describes this issue
Hey Foxtrot... we have a great audit and reporting tool. It is a lot easier to set up and it works. It is pretty cheap and grabs more info than anything we've seen so far. Take a look at the tools at Arxscan.
Join our Discord Community