ONTAP Discussions

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Audit file folder access from specific IP

ECEDERGREN
‎2020-08-20 06:49 AM
3,710 Views

I'm looking for a way to see when users access CIFS on specific SVM from specific IP what files they are accessing. 

 

Have a network segment will be isolating and want to verify if clients in this range are accessing CIF shares.

 

 

0 Kudos
1 ACCEPTED SOLUTION
ECEDERGREN has accepted the solution

SpindleNinja
A-Team Tech Advisor A-Team Tech Advisor
‎2020-08-20 08:06 AM
3,690 Views

Basic CIFS Audit will have what you need.    You can collect the load (use the XLM collect) and grab the file and search via IP.   

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html

 

View solution in original post

4 REPLIES 4
ECEDERGREN has accepted the solution

SpindleNinja
A-Team Tech Advisor A-Team Tech Advisor
‎2020-08-20 08:06 AM
3,691 Views

Basic CIFS Audit will have what you need.    You can collect the load (use the XLM collect) and grab the file and search via IP.   

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html

 

ECEDERGREN
‎2020-08-25 06:10 AM
In response to SpindleNinja
3,614 Views

Looks like security trace filters will do what I need. Thanks for pointing me in right direction. 

0 Kudos

parisi
A-Team Tech Advisor A-Team Tech Advisor
‎2020-08-25 06:44 AM
In response to ECEDERGREN
3,602 Views

Keep in mind you don't want to keep security trace filters enabled indefinitely (if you're referring to vserver security trace).

 

Instead, use native SMB audit or a 3rd party fpolicy server.

0 Kudos

SpindleNinja
A-Team Tech Advisor A-Team Tech Advisor
‎2020-08-25 07:04 AM
In response to ECEDERGREN
3,597 Views

No problem Eric,   and keep in mind what @parisi  said. 

0 Kudos
Announcements
All Community Forums
Public