Network and Storage Protocols

Files access log in the NetApp Filer


The customer wants to replace the file & print server with the NetApp filer. They are now asking if there is a log or anyway they can find out who is accessing what kind of files, e.g. the .pst file which the Windows servers has.


Terrence Lee



Have a look at cifs auditing

If you want to know what is happening to data on the SAN but inside a Windows lun you need to turn on Windows auditing on the server.  This is because NetApp only sees the LUN and not it's contents.

If you want to see who's trying to access a folder of sensitive files on your file server, you can enable the Audit Object Access audit policy under Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy in the appropriate GPO. Then use the ACL editor on the Security tab of the folder's properties sheet and specify which groups of users you want to audit accessing the folder.

If you want to detect unauthorized attempts at accessing the files, enable Failure auditing in the policy and audit Read permissions in the ACL.

If you want to see who is accessing the files and modifying them, enable Success auditing in the policy and audit Write and Append permissions in the ACL.

Hope this helps



Hi Brendon,

Thanks for the info. It's useful. However, is there the way in the NetApp side? It is because the customer wants to use the appliance as the file & print server and eliminate the window server.