ONTAP Discussions

CIFS share auditing for deleting/modifing/moving items

FelixZhou
2,921 Views

on EMC VNX, we can redirect the auditing log to different file system. Not sure if we can do the same on NetApp AFF. we will need to trace the file and folder deleting, modifying and moving actions on CIFS shares. Any sugestions will be appreciated.

thanks

3 REPLIES 3

Ontapforrum
2,881 Views

For reference:
How to set up CIFS auditing with clustered Data ONTAP
https://kb.netapp.com/app/answers/answer_view/a_id/1030726


FAQ: ONTAP/Data ONTAP Log Overview
https://kb.netapp.com/app/answers/answer_view/a_id/1001023

This is a general audit.log file, it is sent by the AutoSupport tool to the specified recipients. You can also forward the content securely to external destinations that you specify; for example, a Splunk or a syslog server.

FelixZhou
2,793 Views

thanks for replay.  It looks more on auditing of NetApp user activities rather than on data changes.  if any further information on this, please share.

Ontapforrum
2,755 Views

I think you are looking for 'file' access events.

 

There are also 3rd Party FPOLICY servers which is supported with cDOT,  which also does the CIFS audit in more depth with a GUI (Front-end app).

 

FAQ: FPolicy: Auditing 
https://kb.netapp.com/app/answers/answer_view/a_id/1000982


More reference material:
Deciding whether to use the SMB/CIFS and NFS Auditing and Security Tracing Guide:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-cifs%2FGUID-39EA9A84-7543-4C3E-912E-387F232755F8.html&lang=en

 

Clustered Data ONTAP CIFS Auditing Quick Start Guide:
https://www.netapp.com/us/media/tr-4189.pdf

https://kb.netapp.com/app/answers/answer_view/a_id/1030726


SMB/CIFS and NFS Auditing and Security Tracing Guide:
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cifs-nfs-audit%2FGUID-01F56118-DE39-4DD0-ACAC-567E394A514A.html&lang=en

Public