Skip to main content
NetApp Knowledge Base

Native NAS Auditing : ONTAP vs 7Mode

Views:
371
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

Answer

  1. Can we configure Auditing in ONTAP to capture CIFS events with path in “\” backslash format like 7Mode?
    • No, ONTAP captures all NAS audit events with '/' forward slash by design and it is not configurable
    • There is a field in the Audit event named "Source" which differentiates the protocol of access like CIFS, NFSV3 etc.

Example:

7Mode Event log for CIFS
Object Name:    \vol\volume_name\dir1\dir2\file.txt

ONTAP Event Log 
<Event>
<System>
    .
    <Source>CIFS</Source>
    .
</System>
<EventData>
    .
    <Data Name="ObjectName"> (volume_name);/dir1/dir2/file.txt</Data>
    .
</EventData>
</Event>

  1. Can we capture audit logs in .evt format like in 7Mode ?
    • No, ONTAP can only capture Audit logs in XML or EVTX format

Additional Information

vserver audit create

[-format {xml|evtx}] - Log Format
This parameter specifies the output format of the audit logs. The output format can be either Data ONTAP-specific XML or Microsoft Windows EVTX log format. By default, the output format is EVTX.

 

Scan to view the article on your device