Solved: Forwarding CIFS Audit logs to splunk server - NetApp Community

Welcome!

An account will enable you to access:
- NetApp support's essential features
- NetApp communities
- NetApp trainings
- Sign in to my account
- Don't have an account?
  Create an account
Learn
Browse

ONTAP Discussions

1,464 Views

Is there a possibility to forward the CIFS audit logs to Splunk? I know NetApp does not have a capability to send the logs to Splunk.
i have tried couple of options like making a hard link of audit logs share in windows server as a folder and tried to forward from there to Splunk but the result was negative. Splunk is unable to pull the logs.
Tried with NFS as well but the result remain same.

Can someone help me if there are any options to try?

1 ACCEPTED SOLUTION

1,409 Views

Have a look at the following thread:

1) CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

2) You can forward CIFS audit logs to a syslog server.

https://community.netapp.com/t5/ONTAP-Discussions/CIFS-Audit-log-forwarding-to-Splunk-Server/td-p/433210#:~:text=Correct.,accessed%20through%20a%20CIF...

View solution in original post

1 REPLY 1

1,410 Views

Have a look at the following thread:

1) CIFS audit logs cannot be pushed to another server, only accessed through a CIFS share.

2) You can forward CIFS audit logs to a syslog server.

https://community.netapp.com/t5/ONTAP-Discussions/CIFS-Audit-log-forwarding-to-Splunk-Server/td-p/433210#:~:text=Correct.,accessed%20through%20a%20CIF...

All Community Forums

Public