Hello everyone,

I've been running into issues with growing CIFS access and I need more visibility.  I've searching google, toaster archive, NOW, and CPAN for something that will generate a report from the cifs audit logs and can't find anything.  I find allusions to scripts, but no one posting them.

I will probably have to write a script myself but was wondering if there is anything already out there that someone would like to share.

Here is how I see the script going:
Pull down cifs audit.evt files from the filer
Convert to CSV
Parse the csv and generate a report to show which users are hitting which shares & files
Submit records to mysql or another db so we have a historical security audit log DB for cifs. 

Three Qs:
1 - Would this work with NFS - it seems we lack NFS auditing with DOT. 
2 - Is this something DFM could do?  
3.  What if any performance impact is seen by enabling NTFS file auditing (all options) for say 10 TB of data. 

Any help or feedback would be appreciated.  I'm running DOT 7.1 on a pair of 940cs.

-- Hadrian