ONTAP Discussions

CIFS Audit log forwarding to Splunk Server

StorageIT
4,655 Views
Hello Community We want to check which client IPs access a Cifs share and map/check the whole stuff in Splunk. Is a CIFS audit log forward to a Splunk server possible? If yes how? Any Documentation available how to configure? I find in the NetApp documentation only general information about the "audit" log forwarding but not explicitly about the CIFS audit. If it is not possible via Splunk, what solution does NetApp offer here? Many Thanks in advance. Juergen
1 ACCEPTED SOLUTION

aladd
4,579 Views

Correct. CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

 

aladd_0-1647941601707.png

Reference from documentation:

 

https://www.netapp.com/pdf.html?item=/media/16330-tr-4189pdf.pdf

Pg. 12

View solution in original post

3 REPLIES 3

STORAGE_CIT
4,583 Views

Thanks. Yes for the normal "audit" log its clear. it will use the syslog framework.

 

My Question was regarding "cifs audit" logs and forward directly into Splunk for parsing. 

aladd
4,580 Views

Correct. CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

 

aladd_0-1647941601707.png

Reference from documentation:

 

https://www.netapp.com/pdf.html?item=/media/16330-tr-4189pdf.pdf

Pg. 12

Public