Auditing File Access
The cloud storage gateway provides audit logs of the Microsoft CIFS and SMB file access operations performed on the gateway. This allows organizations to ensure compliance with internal policies and regulations.
To enable CIFS/SMB audit logs:
1 In the Configuration tab, select Event Log > Audit Logs. The Audit Logs window is displayed.
2 Select the Enable CIFS / SMB Audit Logs option.
3 In the
Save log files to option, click
and select the destination folder for the log files, or else type in the desired folder path.
You can create a new destination folder by typing in the folder path and name.
4 Optionally change the following logging details as desired:
• Rotate file every (time): How often to roll the log files. You can define the rotation time in minutes, hours or days.
• Rotate file every (size): When to roll the log files if they grow large. You can define the rotate size in KB, MB, or GB.
• Keep closed files for: The number of days to keep closed log files.
5 In the Events to log area, optionally change the events to log, based on your organization's needs. To add or delete events to log, scroll through the list and select or clear the appropriate check boxes.
6 Click Save.
SMB Audit Log Formatted in Human Readable Form
Changes in ACL permissions to files and folders can be reported in the SMB audit log in an understandable format. Each log entry has the following format:
Timestamp|Cloud_Storage_Gateway_Name|ctera_audit|setdacl Details|UserName|
Location|File_or_folder_Name|Change details: User Permissions:ace-type and ace-rights|ace-flags
Where:
ace-type indicates the type of ACE (allow/deny)
ace-rights indicates the type of permissions/AccessMask
ace-flags indicates the ACE behavior
Note: Setting the log to be readable degrades performance.
