I wrote an script that RSH's to the filers, dumps the event log, copies it to a central location and renames it to the date that it was dumped. Set it up as scheduled task from an NT box and the auditiong dumps are take care of automatically - you just go to the central location to manipulate the evt files.

As it is then a .evt file you should be able to use other tools that you currently use with event logs. Don't specifically know about csv file conversion...

Cheers -- Paul.

-----Original Message-----
From: Palmer, Jason (London) [mailto:jason.palmer@wcom.com]
Sent: Wednesday, November 07, 2001 9:19 AM
To: 'Robert Lobban'; toasters@mathworks.com
Subject: RE: Cifs Auditing

A long time since I figured out how to do this...

From memory, you need to run the command 'CIFS AUDIT SAVE -f' on the filer console, that saves the logs to disk in the location '/etc/log/adtlog.evt'

Sorry its a bit vague, but should enable you to generate a Event Log, that can be read by Event Viewer.

Regards,

Jason Palmer

WorldCom EMEA

-----Original Message-----
From: Robert Lobban [mailto:r_lobban@hotmail.com]
Sent: 07 November 2001 14:02
To: toasters@mathworks.com
Subject: Cifs Auditing

I am looking for some help Cifs auditing and hoped you may be able to help.

I have managed to setup the auditing that I require but am looking for a way of dumping the security logs into a CSV file.

Under NT we would use Dumpel from the reskit or some such util but does not will not work for the filer.

Is there anyway of doing it or can any one offer some advice.

Many Thanks,

Rob

Get your FREE download of MSN Explorer at http://explorer.msn.com