ONTAP Discussions

CIFS Audit log forwarding to Splunk Server

StorageIT
3,370 Views
Hello Community We want to check which client IPs access a Cifs share and map/check the whole stuff in Splunk. Is a CIFS audit log forward to a Splunk server possible? If yes how? Any Documentation available how to configure? I find in the NetApp documentation only general information about the "audit" log forwarding but not explicitly about the CIFS audit. If it is not possible via Splunk, what solution does NetApp offer here? Many Thanks in advance. Juergen
1 ACCEPTED SOLUTION

aladd
3,294 Views

Correct. CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

 

aladd_0-1647941601707.png

Reference from documentation:

 

https://www.netapp.com/pdf.html?item=/media/16330-tr-4189pdf.pdf

Pg. 12

View solution in original post

3 REPLIES 3

STORAGE_CIT
3,298 Views

Thanks. Yes for the normal "audit" log its clear. it will use the syslog framework.

 

My Question was regarding "cifs audit" logs and forward directly into Splunk for parsing. 

aladd
3,295 Views

Correct. CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

 

aladd_0-1647941601707.png

Reference from documentation:

 

https://www.netapp.com/pdf.html?item=/media/16330-tr-4189pdf.pdf

Pg. 12

Public