Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Daniel_Oberhofe

1 Message

1075

September 6th, 2013 07:00

[Celerra NS-120] CIFS security audit settings

I'm using a Celerra NS-120 and I have a question about the security audit settings for the CIFS Server.

With the "Celerra Management" Tool I enabled the audit logging on the CIFS Server successfully.

After activating window auditing on the CIFS share, the logs started to fill.

I see that the security log also shows filefilter entries (file type restrictions).

I want to disable the filefilter failure logs.

Is there any way to do this?

Here is an example of entry that I want to exclude:

Event Type:    Failure Audit

Event Source:    Security

Event Category:    Object Access

Event ID:    560

Date:        9/6/2013

Time:        4:13:05 PM

User:        domain\user

Computer:    CIFSDATAMOVER

Description:

Object Open:

     Object Server:    Security

     Object Type:    File extension not allowed

     Object Name:    \fs_xxx\abc\OFFICE\some_program.exe

     New Handle ID:    -

     Operation ID:    {Open,-}

     Process ID:    -

     Primary User Name:    -

     Primary Domain:    -

     Primary Logon ID:    -

     Client User Name:    user

     Client Domain:    DOMAIN

     Client Logon ID:    0x0004448cc8 - 127.0.0.1

     Accesses        READ_CONTROL

            SYNCHRONIZE

            ReadData

            ReadEA

            ReadAttributes

     Privileges        -

sameek

60 Posts

March 28th, 2014 07:00

Hi

Please try refering to below mentioned link which may help you

https://community.emc.com/docs/DOC-8045

Thanks

Was this post helpful?

View All

No Events found!

Top