The commands suggested by Dean are interactive and the output will not be logged in such a way as what I think you're alluding to in your question.
For CIFS and NFS you need to enable some trace and debug options and be prepared for some content bloat in /etc/messages (which you can subsequently grep for the relevant items).
For CIFS I would recommend the following which will create multiple log entries per client authentication request but gives you a rich audit trail to mine (note the CIFS sessions command is just point in time). :
vfiler run * options cifs.trace_login on
Edit the /etc/syslog.conf to change the minimum severity of messages sent to the /etc/messages file as the NFS mountd trace is a debug message
vfiler run * options nfs.mountd.trace on
Your LUN access patterns are a little more predictable or at least should be because they are defined at the array level so the command suggest by Dean should give you what you need.
Please note that the rotation rates of the /etc/messages log will increase (possibily significantly depending on your environment) when these CIFS and NFS logging features are enabled.
Also note that the above examples will enable the log collection on all vFilers. If you have vFilers in the environment it may be easier to tackle on at a time on this system (it would certainly be more managable).
One last parting comment - do the right thing as part of any data migration associated with the decommission and apply appropriate access controls to the NFS and CIFS data.
It will come back and bite you sooner than you thing if you dont.