EVT anylizing tool

tondu · ‎2014-11-20

I know there are 3 ways to gather NetApp CIFS audit logs:

1) FPpolicy - very expensive products, need administrative privileges on the filer, but are easy to use

2) Windows API - not so expensive and not so easy to use, but still need at least Power User privileges on accessing NetApp through Windows API

3) EVT files on \\filer\etc$\log share - application need only CIFS share permissions and cannot do any harm to filer any way, but cannot find any easy to use tool.

Can somebody point me in right direction?

If NetApp is suggesting using 3rd party FPolicy products (Varonis, NetWrix, etc..) could it be possible that soon EVT files support will be dropped?

JeffNetwrix · ‎2014-12-05

Hello Tondu,

I don't think support for EVT logging will be dropped in future, in my opinion NetApp suggests using 3rd party products for auditing as they offer more convenient way for end users to get easy to understand information from NetApp devices. Therefore NetApp can focuse more on providing what is expected from storages - keeping data and granting acess to it with high speed.. etc.

And in case you need storage auditing we have Netwrix Auditor for File Servers solution with 20 days of free trial.

EVT anylizing tool

Get ready to power on