vGateway CIFS/SMB Audit Logs
- 30 Apr 2021
- DarkLight
vGateway CIFS/SMB Audit Logs
- Updated on 30 Apr 2021
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
A vGateway appliance can be optionally configured to log SMB/CIFS events that occur locally on the device. This can be extremely useful when you need a log of modified files to troubleshoot issues.
Configure the Audit Log Share
Unlike any other shared you will create, the audit logging functionality requires a local share. This means the data will remain only on the local vGateway and not be entered into the Global File System.
- Login to the vGateway
- Select Share and then Shares
- Select New Share
- Select vol1 and select New Folder
- Enter auditlogs and select Save
- Select the newly created auditlogs folder and click Next
- Name the share auditlogs and select Next
- Reconfigure the Sharing Protocols and select Next
- Windows File Sharing: Windows ACL Mode
- Block Extentions: Disabled
- Client Caching: Disabled
- FTP: Disabled
- Search: Disabled
- Skip NFS configurations by selecting Next
- Configure Permissionson the share
- Select the Trash Can icon nect to Everyone to remove the permissions
- Locate the appropriate Group to allow access to the auditlogsshare
- This share should be restrictured to Administrator Access
- Ensure the proper permissions have been set and select Next
- Select Finsih
- Verify your share has been created
- Select vol1 and select New Folder
Configure the Audit Logs
Now that you have configured a share to contain the logs, we can enable the logging functionality.
- Login to the vGateway
- Select Event Log and then Audit Logs
- Configure the Audit Logs and select Save
- Enable Audit Logs: Saved
- Save log files to: auditlogs
- Rotate Days: Default (1) or Config
- Rotate Size: Default (100MB) or Config
- Closed Days: Default (30) or Config
- Events to Log: Default or Client Setting
- Default events are Create Files Write Data, Create Folders Append Data, Write Extended Attributes, Delete Subfolders and Files, Write Attributes, Delete, Change Permissions, Change OwnerNote that the amount of events logged is directly proportional to the amount of vGateway resources consumed. Logging more events will cause higher virtual hardware utilization and may impact performance.
- Default events are Create Files Write Data, Create Folders Append Data, Write Extended Attributes, Delete Subfolders and Files, Write Attributes, Delete, Change Permissions, Change Owner
- Human Readable:Audit logs will not be sent to the share that was configured earlier
- To view logs navigate to the share and view the log files
Was this article helpful?