ONTAP Discussions

CIFS Audit log forwarding to Splunk Server

StorageIT
Hello Community,

We want to check which client IPs access a CIFS share and map/check the whole stuff in Splunk. Is forwarding the CIFS audit log to a Splunk server possible? If yes, how? Is any documentation available on how to configure it? In the NetApp documentation I find only general information about "audit" log forwarding, but nothing explicitly about the CIFS audit. If it is not possible via Splunk, what solution does NetApp offer here?

Many thanks in advance.

Juergen
1 ACCEPTED SOLUTION

aladd

Correct. CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

 


Reference from documentation:

 

https://www.netapp.com/pdf.html?item=/media/16330-tr-4189pdf.pdf

Pg. 12


STORAGE_CIT

Thanks. Yes, for the normal "audit" log it's clear. It will use the syslog framework.

My question was regarding "cifs audit" logs and forwarding them directly into Splunk for parsing.
