You’d have to find the mechanism to
programmatically convert to CSV – the data files are in MS evt format
(but I’m sure it can be done).
1.) No – NFS doesn’t have auditing that I recall
2.) DFM doesn’t do this
3.) File Auditing does have some impact, but it’s difficult to
predict just how much – impact will depend on the amount of headroom you
have left in your filer (current load). 7.2 will probably help a bit as the
rumors of multi-threaded WAFL should be present (or maybe that’s 7.3??)
Glenn
From:
owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Hadrian Baron
Sent: Tuesday, June 27, 2006 12:00
PM
To: toasters@mathworks.com
Subject: Any CIFS Audit scripts?
Hello
everyone,
I've
been running into issues with growing CIFS access and I need more
visibility. I've searching google, toaster archive, NOW, and CPAN for
something that will generate a report from the cifs audit logs and can't find
anything. I find allusions to scripts, but no one posting them.
I
will probably have to write a script myself but was wondering if there is anything
already out there that someone would like to share.
Here
is how I see the script going:
Pull
down cifs audit.evt files from the filer
Convert
to CSV
Parse
the csv and generate a report to show which users are hitting which shares
& files
Submit
records to mysql or another db so we have a historical security audit log DB
for cifs.
Three
Qs:
1 -
Would this work with NFS - it seems we lack NFS auditing with DOT.
2 - Is
this something DFM could do?
3.
What if any performance impact is seen by enabling NTFS file auditing (all
options) for say 10 TB of data.
Any
help or feedback would be appreciated. I'm running DOT 7.1 on a pair of
940cs.
--
Hadrian