What are the events that can be audited for CIFS, NFS access?
Applies to
- ONTAP 9.x
Answer
CIFS access events
You can audit the following events:
• SMB file and folder access events
You can audit SMB file and folder access events on objects stored on FlexVol volumes belonging to the auditing-enabled SVMs.
• CIFS logon and logoff events
You can audit CIFS logon and logoff events for CIFS servers on SVMs.
• Central access policy staging events
You can audit the effective access of objects on CIFS servers using permissions applied through proposed central access policies. Auditing through the staging of central access policies enables you to see what the effects are of central access policies before they are deployed.
Auditing of central access policy staging is set up using Active Directory GPOs; however, the SVM auditing configuration must be configured to audit central access policy staging events.
Although you can enable central access policy staging in the auditing configuration without enabling Dynamic Access Control on the CIFS server, central access policy staging events are generated only if Dynamic Access Control is enabled. Dynamic Access Control is enabled through a CIFS server option. It is not enabled by default.
NFS access events
You can audit the following NFS file and directory access events:
• READ
• OPEN
• CLOSE
• READDIR
• WRITE
• SETATTR
• CREATE
• LINK
• OPENATTR
• REMOVE
• GETATTR
• VERIFY
• NVERIFY
• RENAME