Auditing File Access

Edge Filer Administration > Edge Filer Monitoring and Maintenance > Edge Filer Logging > Auditing File Access

The gateway provides audit logs of the SMB file access operations performed on the gateway. This enables organizations to ensure compliance with internal policies and regulations.

Note: The SMB audit log does not record sync operations between the gateway and a CTERA Portal.

To enable SMB audit logs:

1 In the CONFIGURATION tab, select Event Log > Audit Logs in the navigation pane.

The Audit Logs window is displayed.

2 Select the Enable CIFS / SMB Audit Logs option.

3 In the Save log files to field, either enter the destination folder path for the logs or click ... and select the destination folder.

You can create a new destination folder by entering in the folder path and name.

4 Optionally change the following logging details as desired:

Rotate files every – How often to rollover the log files. You can define the rotation time in minutes, hours or days.

Rotate files every – When to rollover the log files if they grow large. You can define the rotate size in KB, MB, or GB.

Keep closed files for – The number of days to keep closed log files.

5 In the Events to log area, optionally change the events to log, based on your organization's needs. To add or delete events to log, scroll through the list and select or clear the appropriate check boxes.

6 Check Log permission changes in human readable format, as described in SMB Audit Log Formatted in Human Readable Form.

7 Click Save.

SMB Audit Log Formatted in Human Readable Form

Changes in ACL permissions to files and folders can be reported in the SMB audit log in an understandable format. Each log entry has the following format:

Where:

ace-type indicates the type of ACE (allow/deny)

ace-rights indicates the type of permissions/AccessMask

ace-flags indicates the ACE behavior

Note: Setting the log to be readable degrades performance.