Cifs Sessions

natrian_maxwell · ‎2010-11-09

I have a filer that is over the limit for disk space on a volume.

It looks like there are nothing but Windows hosts accessing this filer so the showmount -a option does not yield any host names to track down the owner of the volume.

When I use the Cifs sessions command I do not get any output either.

Is there a log file that I can check to see which hosts have been accessing this volume?

Thanks,

NM

ekashpureff · ‎2010-11-09

Natrian -

There wouldn't be any logging by default, though you can turn on cifs auditing to logs of users opening shares.

If there were active sessions you could list users and open directories and files with:

cifs sessions *

If you include the user argument, the command displays information about the specified user, along with the names and access level of files that user has opened. If you use * as the specified user, the command lists all users.

Executing the command for user sam might produce output as follows:

  cifs sessions sam
  users
    shares/files opened

  172.18.34.11(HAWLEY-HOME1)   (sam)
    ENG-USERS
             Read-denyW   - \SAM\SRC\TEST\test_pgm.c


  132.170.108.1(HAWLEY-PC)      (sam)
    ENG-USERS

The output would be very verbose.

Disturbing that cifs sessions is giving you no output ...

I hope this response has been helpful to you.

At your service,

Eugene Kashpureff
NetAppU Instructor and Independent Consultant
(P.S. I appreciate points for helpful or correct answers.)