You’d have to find the mechanism to programmatically convert to CSV – the data files are in MS evt format (but I’m sure it can be done).

 

1.)     No – NFS doesn’t have auditing that I recall

2.)     DFM doesn’t do this

3.)     File Auditing does have some impact, but it’s difficult to predict just how much – impact will depend on the amount of headroom you have left in your filer (current load).  7.2 will probably help a bit as the rumors of multi-threaded WAFL should be present (or maybe that’s 7.3??)

 

Glenn

 


From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hadrian Baron
Sent: Tuesday, June 27, 2006 12:00 PM
To: toasters@mathworks.com
Subject: Any CIFS Audit scripts?

 

Hello everyone,

I've been running into issues with growing CIFS access and I need more visibility.  I've searching google, toaster archive, NOW, and CPAN for something that will generate a report from the cifs audit logs and can't find anything.  I find allusions to scripts, but no one posting them.

I will probably have to write a script myself but was wondering if there is anything already out there that someone would like to share.

Here is how I see the script going:
Pull down cifs audit.evt files from the filer
Convert to CSV
Parse the csv and generate a report to show which users are hitting which shares & files
Submit records to mysql or another db so we have a historical security audit log DB for cifs. 

Three Qs:
1 - Would this work with NFS - it seems we lack NFS auditing with DOT. 
2 - Is this something DFM could do?  
3.  What if any performance impact is seen by enabling NTFS file auditing (all options) for say 10 TB of data. 

Any help or feedback would be appreciated.  I'm running DOT 7.1 on a pair of 940cs.

-- Hadrian