I have F820 running DOT 6.4.2P6 with CIFS only.  I noticed the cifs audit log does not log all events.  The audit log is dump and saved every night at midnight via a rsh script.  Looking through several log file, there are only a few entries in each of the file.  All of the entries are within 16 minutes after midnight when the audit file is dump.  These are the settings.  I compare it with two other Filers, F880c DOT 6.4.2P12, with the same settings the audit log worked fine.

 

 

cifs.audit.enable            on
cifs.audit.file_access_events.enable on
cifs.audit.logon_events.enable on
cifs.audit.logsize           204800000
cifs.audit.saveas            /etc/log/adtlog.evt

 

Any ideas? 

 

thanks,

Marcus Bui

---

Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.