ONTAP Discussions

Audit file folder access from specific IP

ECEDERGREN

I'm looking for a way to see when users access CIFS on specific SVM from specific IP what files they are accessing. 

 

Have a network segment will be isolating and want to verify if clients in this range are accessing CIF shares.

 

 

1 ACCEPTED SOLUTION

SpindleNinja

Basic CIFS Audit will have what you need.    You can collect the load (use the XLM collect) and grab the file and search via IP.   

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html

 

View solution in original post

4 REPLIES 4

SpindleNinja

Basic CIFS Audit will have what you need.    You can collect the load (use the XLM collect) and grab the file and search via IP.   

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html

 

View solution in original post

ECEDERGREN

Looks like security trace filters will do what I need. Thanks for pointing me in right direction. 

parisi

Keep in mind you don't want to keep security trace filters enabled indefinitely (if you're referring to vserver security trace).

 

Instead, use native SMB audit or a 3rd party fpolicy server.

SpindleNinja

No problem Eric,   and keep in mind what @parisi  said. 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public