ONTAP 9 Manuals ( CA08871-402 )

Manage file-share event

When a file-share event is configured for a storage virtual machine (SVM) and an audit is enabled, audit events are generated. The file-share events are generated when the SMB network share is modified using vserver cifs share related commands.

The file-share events with the event-ids 5142, 5143, and 5144 are generated when a SMB network share is added, modified, or deleted for the SVM. The SMB network share configuration is modified using the cifs share access control create|modify|delete commands.

The following example displays a file-share event with the ID 5143 is generated, when a share object called 'audit_dest' is created:

fujitsu-clus1::*> cifs share create -share-name audit_dest -path /audit_dest
- System
  - Provider
   [ Name]  Fujitsu-Security-Auditing
   [ Guid]  {3CB2A168-FE19-4A4E-BDAD-DCF422F13473}
   EventID 5142
   EventName Share Object Added
   ...
   ...
  ShareName audit_dest
  SharePath /audit_dest
  ShareProperties oplocks;browsable;changenotify;show-previous-versions;
  SD O:BAG:S-1-5-21-2447422786-1297661003-4197201688-513D:(A;;FA;;;WD)
Top of Page