CIFS Auditing- IMPACT

Rawat_Sunil · ‎2015-10-29

Hi,

What is the impact of CIFS Auditing enable in the toage and whee is he log stored.

I have asket to implement the below cifs audit (Home 30m is the 30 Min), what is the advantage and disadvantage of the same.

cifs.audit.autosave.ontime.enable on

cifs.audit.autosave.ontime.interval 30m

cifs.audit.autosave.onsize.enable off

Regards,

Sunil Rawat

ekashpureff · ‎2015-10-29

Rawat -

The impact of auditing isn't that high.

It does depend on how much auditing you turn.

File access logging will be a bit more load.

cifs.audit.saveas specifies the location for the log files:

cifs.audit.saveas
Specifies the active event log file. The file must be in an existing directory in a network share.

You may wish to look at all of the cifs.audit option definitions before turning on auditing.

They're all documented in the 'options' man page:

https://library.netapp.com/ecmdocs/ECMP1511537/html/man1/na_options.1.html

I hope this response has been helpful to you.

At your service,

Eugene E. Kashpureff, Sr.
Independent NetApp Consultant http://www.linkedin.com/in/eugenekashpureff
Senior NetApp Instructor, IT Learning Solutions http://sg.itls.asia/netapp
(P.S. I appreciate 'kudos' on any helpful posts.)