Solved: Re: Monitoring CIFS issues

ADMWWHITEHURST · ‎2012-04-30

New to CIFS here. Trying to figure out how to access/monitor a CIFS share. We have one particular share that will intermittently deny access to a user. Most of the time she can access this share without any issues, but every so often the share will give her an access denied error. All other shares work fine during this time. Where can I find logs on the toaster that will show this error?

scottgelb · ‎2012-04-30

You can also enable options cifs.trace_login on and view the console and messages...turn off when done.

View solution in original post

HENRYPAN2 · ‎2012-04-30

Will,

The syslog on filer is located in /etc/message if you prefer CLI.

On old Filer View or new Sys Mgr v 2R1 you'll find system log as well.

You may also wish to double check on Windows logs from the host side.

Good luck

Henry

ADMWWHITEHURST · ‎2012-04-30

i looked through the SYSLOG and saw nothing that pertained to user connections/activity, just system related logs. Is there a Windows equivalent "security" log for CIFS?

scottgelb · ‎2012-04-30

You can also enable cifs auditing and use event viewer to view the cifs audit... there are good KBs on this on the support.netapp.com page. Enable auditing with options, turn on liveview typically, then on the windows client go to advanced settings on the share to select audit events.

scottgelb · ‎2012-04-30

You can also enable options cifs.trace_login on and view the console and messages...turn off when done.

ADMWWHITEHURST · ‎2012-04-30

Being that the issue is intermittent, would leaving this enabled for a day or so cause too much overhead?

scottgelb · ‎2012-04-30

It would make the console a bit busy depending on number of users… easier to catch it but you could monitor messages size in the root volume to make sure you aren’t filling up… on most systems there is plenty of room to do this.