I wrote an script that RSH's to the filers,
dumps the event log, copies it to a central location and renames it to the
date that it was dumped. Set it up as scheduled task from an NT box and the
auditiong dumps are take care of automatically - you just go to the central
location to manipulate the evt files.
As
it is then a .evt file you should be able to use other tools that you
currently use with event logs. Don't specifically know about csv file
conversion...
Cheers -- Paul.
A
long time since I figured out how to do this...
From memory, you need to run the command 'CIFS AUDIT SAVE -f' on the
filer console, that saves the logs to disk in the location
'/etc/log/adtlog.evt'
Sorry its a bit vague, but should enable you to generate a Event
Log, that can be read by Event Viewer.
Regards,
Jason Palmer
WorldCom EMEA
I am looking for some help Cifs auditing and hoped you may be
able to help.
I have managed to setup the auditing that I require but am looking
for a way of dumping the security logs into a CSV file.
Under NT we would use Dumpel from the reskit or some such util
but does not will not work for the filer.
Is there anyway of doing it or can any one offer some advice.
Many Thanks,
Rob
Get your FREE download of MSN Explorer at http://explorer.msn.com