Gord,

Sorry for the late reply. I am on the road and have only very limited connectivity (I wonder when this mail actually goes out...).

We have created specific logic in MonitorWare Agent (http://www.mwagent.com) to handle the NetApp .evt files in real time. I know at least of a couple of customers using it for that reason.

Sorry for the brief reply, but I hope it is helpful.

Rainer

> -----Original Message-----
> From: loganalysis-bounces+rgerhards=hq.adiscon.com@private
> [mailto:loganalysis-bounces+rgerhards=hq.adiscon.com@private oo.com] On Behalf Of Gord Taylor
> Sent: Tuesday, August 15, 2006 12:40 PM
> To: Eric Fitzgerald
> Cc: loganalysis
> Subject: [logs] Re: CIFS Auditing log from NetApp
>
> Thanks Eric, I wasn't aware of that registry value, so that
> may prove handy for other things.
>
> However, NetApp isn't running a real version of Windows. It's
> running a Linux variant, which "emulates" CIFS, and as far as
> I know, it doesn't have a "registry" equivalent. I believe
> that's why it really logs to cifsaudit.alf, then does a
> periodic bulk-export to the .EVT file format. Not sure how
> they're emulating language (string) files etc, but I imagine
> they're just intercepting the inbound API calls, working some
> foo, then passing the buffer back to the caller.
>
> Unless you know something I don't - and there is a config
> that works with NetApp??
>
> Right now, I can log files from almost all our platforms, but
> the CIFSAudit log is a problem since it is neither a flat
> file, nor a true Windows system (so I can't install an
> agent). I can periodically pull data from the eventlog, but
> then that causes me problems with either a) duplicate records
> with many of the free/opensource tools for remotely pulling
> eventlog files or b) loss of data if the eventlog overwrites.
> This is why I prefer real-time a la syslog style.
>
> Anyone from NetApp on this distrib? I can go through our
> reseller, but they're just going to forward the question, so
> if I can get a response direct from someone who has actually
> done this, I'd prefer it - and it would benefit the list.
>
> On 8/14/06, Eric Fitzgerald <Eric.Fitzgerald@private> wrote:
> > Search for "autobackuplogfiles" in the KB
> > (www.microsoft.com/support/kb ).
> >
> > From: loganalysis-bounces+ericf=windows.microsoft.com@private
> > <mailto:windows.microsoft.com@private>
> > [mailto:loganalysis-bounces+ericf=windows.microsoft.com@lists. shmoo.com ] On Behalf Of Gord Taylor
> > Sent: Friday, August 11, 2006 6:17 AM
> > To: loganalysis
> > Subject: [logs] CIFS Auditing log from NetApp
> >
> > I'm looking to consolidate the logs on a NetApp server.
> > For most of the logs, this looks pretty simple - standard
> > syslog stuff.
> >
> > But for the filesystem auditing (cifsaudit), NetApp
> > does a periodic write to the adtlog.evt file from (I believe)
> > the cifsaudit.alf file. Anyone know if there is a way to PUSH
> > the cifsaudit stuff from the NetApp box rather than doing
> > periodic exports of the EVT file???
> >
> > Thanks in advance.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
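Added example, not part of the original thread and not MonitorWare or NetApp code: one way to pull an exported .evt file periodically without forwarding duplicates, and to notice when records were overwritten between pulls, by checkpointing on the record number. It assumes the export is a linear file in the classic Windows .evt layout (48-byte header, `LfLe`-signed records); `make_evt`, `read_records` and `pull_new` are hypothetical names, and the sample records are constructed.

```python
import struct

SIG = b"LfLe"                          # signature in the file header and every record
HEADER_SIZE = 0x30                     # length of the .evt file header
FIXED = struct.Struct("<I4s4I4H6I")    # fixed 56-byte part of EVENTLOGRECORD

def make_evt(records):
    """Constructed sample export from (record_number, event_id, unix_time) tuples."""
    body = b""
    for num, event_id, ts in records:
        length = FIXED.size + 4        # fixed part plus trailing copy of Length
        body += FIXED.pack(length, SIG, num, ts, ts, event_id,
                           8, 0, 0, 0,             # EventType 8 = audit success
                           0, 0, 0, 0, 0, 0)
        body += struct.pack("<I", length)
    header = struct.pack("<I4s", HEADER_SIZE, SIG).ljust(HEADER_SIZE - 4, b"\0")
    return header + struct.pack("<I", HEADER_SIZE) + body

def read_records(blob):
    """Yield (record_number, event_id, time_generated) for each record."""
    off = HEADER_SIZE
    while off + FIXED.size <= len(blob):
        f = FIXED.unpack_from(blob, off)
        length, sig = f[0], f[1]
        if sig != SIG or length < FIXED.size + 4 or off + length > len(blob):
            break                      # end-of-file record, padding or truncation
        yield f[2], f[5], f[3]
        off += length

def pull_new(blob, last_seen):
    """Return (new_events, new_checkpoint, lost_count) for one periodic pull.

    last_seen is the highest record number already forwarded (0 on first run).
    lost_count > 0 means records between the checkpoint and the oldest record
    still in the file were overwritten before this pull.
    """
    new = [r for r in read_records(blob) if r[0] > last_seen]
    if not new:
        return [], last_seen, 0
    lost = max(0, new[0][0] - last_seen - 1) if last_seen else 0
    return new, new[-1][0], lost
```

Persist the returned checkpoint between pulls; a non-zero `lost_count` is the signal that the pull interval is too long for the log size.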
This archive was generated by hypermail 2.1.3 : Fri Aug 18 2006 - 19:21:45 PDT