vGateway CIFS/SMB Audit Logs

A vGateway appliance can be optionally configured to log SMB/CIFS events that occur locally on the device. This can be extremely useful when you need a log of modified files to troubleshoot issues.

Configure the Audit Log Share

Unlike any other shared you will create, the audit logging functionality requires a local share. This means the data will remain only on the local vGateway and not be entered into the Global File System.

1. Login to the vGateway
2. Select Share and then Shares
   
3. Select New Share
   1. Select vol1 and select New Folder
      
   2. Enter auditlogs and select Save    
      
   3. Select the newly created auditlogs folder and click Next
      
   4. Name the share auditlogs and select Next 
      
   5. Reconfigure the Sharing Protocols and select Next
      1. Windows File Sharing:         Windows ACL Mode
      2. Block Extentions:                  Disabled
      3. Client Caching:                      Disabled
      4. FTP:                                       Disabled
      5. Search:                                   Disabled
         
   6. Skip NFS configurations by selecting Next
   7. Configure Permissionson the share
      1. Select the Trash Can icon nect to Everyone to remove the permissions
      2. Locate the appropriate Group to allow access to the auditlogsshare
         1. This share should be restrictured to Administrator Access
      3. Ensure the proper permissions have been set and select Next
         
      4. Select Finsih
         
      5. Verify your share has been created

Configure the Audit Logs

Now that you have configured a share to contain the logs, we can enable the logging functionality.

1. Login to the vGateway
2. Select Event Log and then Audit Logs
   
3. Configure the Audit Logs and select Save
   1. Enable Audit Logs:            Saved
   2. Save log files to:                auditlogs 
   3. Rotate Days:                      Default (1) or Config
   4. Rotate Size:                        Default (100MB) or Config
   5. Closed Days:                      Default (30) or Config
   6. Events to Log:                    Default or Client Setting
      1. Default events are Create Files Write Data, Create Folders Append Data, Write Extended Attributes, Delete Subfolders and Files, Write Attributes, Delete, Change Permissions, Change Owner
         
         Note that the amount of events logged is directly proportional to the amount of vGateway resources consumed. Logging more events will cause higher virtual hardware utilization and may impact performance.

         
         
   7. Human Readable:Audit logs will not be sent to the share that was configured earlier
4. To view logs navigate to the share and view the log files