We want to be able to monitor security changes on our filers for CIFS users. I have enabled CIFS auditing on our filer, and it is working, but I am having some additional issues. The EVT format of the event log presents us with a problem because it is a binary file. We currently scan the NT event logs with a service that runs on each of our servers. Any unauthorized access strings are picked up and forwarded to our paging\mail system. Since we cannot run this service on a Netapp, we are unable to scan these files. I have seen some Perl Scripts that can convert the EVT log to a text file, which we can scan, but I would rather not do this. How are admins monitoring CIFS security changes on your Filers? Drew