I think the original question was to convert the file to CSV format. The dumpel.exe requires RPC, which the filer does not support. Robert wants to convert the EVT file to a CSV (text file), so he can scan the txt file with something like Swatch. I have been working on the same issue, but have not been successful. I tried some shareware utilities, but they all work like dumpel. This is an important question if you want to audit CIFS security. I was working on a perl script to do this, but there has got to be an easier way.
-----Original Message----- From: Carruthers, Paul A [mailto:Paul_Carruthers@AIMFUNDS.COM] Sent: Wednesday, November 07, 2001 11:34 AM To: toasters@mathworks.com Subject: RE: Cifs Auditing
I wrote an script that RSH's to the filers, dumps the event log, copies it to a central location and renames it to the date that it was dumped. Set it up as scheduled task from an NT box and the auditiong dumps are take care of automatically - you just go to the central location to manipulate the evt files.
As it is then a .evt file you should be able to use other tools that you currently use with event logs. Don't specifically know about csv file conversion...
Cheers -- Paul.
-----Original Message----- From: Palmer, Jason (London) [mailto:jason.palmer@wcom.com] Sent: Wednesday, November 07, 2001 9:19 AM To: 'Robert Lobban'; toasters@mathworks.com Subject: RE: Cifs Auditing
A long time since I figured out how to do this...
From memory, you need to run the command 'CIFS AUDIT SAVE -f' on the filer console, that saves the logs to disk in the location '/etc/log/adtlog.evt'
Sorry its a bit vague, but should enable you to generate a Event Log, that can be read by Event Viewer.
Regards,
Jason Palmer WorldCom EMEA
-----Original Message----- From: Robert Lobban [mailto:r_lobban@hotmail.com] Sent: 07 November 2001 14:02 To: toasters@mathworks.com Subject: Cifs Auditing
I am looking for some help Cifs auditing and hoped you may be able to help.
I have managed to setup the auditing that I require but am looking for a way of dumping the security logs into a CSV file.
Under NT we would use Dumpel from the reskit or some such util but does not will not work for the filer.
Is there anyway of doing it or can any one offer some advice.
Many Thanks, Rob
_____
Get your FREE download of MSN Explorer at http://explorer.msn.com http://go.msn.com/bql/hmtag_itl_EN.asp