Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Folks ,
Can someone guide how to enable audit logs for CIFS shares on Ontap CVO ?
Do it has to be NFS/CIFS audit enabling ? It is different for NFS and CIFS ?
Thanks in Advance !
Solved! See The Solution
1 ACCEPTED SOLUTION
Netapp_maniac has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Depends on the System that you want to use to viewing the logs..
You can mount the volume to look into the logfiles..
12 REPLIES 12
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Dude,
the Guide what you are looking for is this: https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cifs-nfs-audit/home.html , but are you using CVO Service or the fully CVO?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you please help me understand what will be the unix path name as per below command :
vserver audit create -vserver <vserver> -destination <unix path> -rotate-size <size>
Thanks !!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have to create a volume for the log. Than you have to mount the Volume under junction path.
Example for the Command
vserver audit create -vserver vs1 -destination /audit_log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Volume security style has to be NTFS OR UNIX ?
So will the logs be available in windows/unix machine when the volume is mounted to it ?
Thanks !!
Netapp_maniac has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Depends on the System that you want to use to viewing the logs..
You can mount the volume to look into the logfiles..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you ! This has helped me 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can i view logs from unix machine using windows event viewer ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you have to install NFS client for Windows to review any NFS export.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CIFS/NFS auditing is not enabled by default, you have to enable it on each SVM, as best practice, redirect the audit log to a different small volume, set up log size and rotation. for CIFS, you can use Window evnetviewer to trace the logs.
For detailed audit request, third party auditing application is required since by native, either NetApp or windows doesn't have enough function/convince to audit CIFS shares.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have an issue here , when enabled audit log for ntfs clients . I am able to access share(\auditlog) from client machine but unable to view from the logs from eventviewer. when i am trying to open , it says "A device attached to the system is not functioning "
Thanks in advance
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
The below kb document has great step by step instructions as well as examples for what different types of audits would look like:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Netapp_maniac @Reverett @FelixZhou @Fabian1993
How to access this event log using PowerShell scriot to find user infor , who accessed a share.
My task is i have to find who accessedd a share and when.
