Configure and Audit CIFS Audit Logs for Confidential Shares
This article applies to: Shared File Services
If you need to store confidential data on SFS, you must request a properly configured share.
SFS provides the ability to enable, configure, and perform CIFS auditing in compliance with Cornell Policy 5.10,; however, it is the responsibility of the customer to do so.
When your confidential share is created on SFS a second billable share is created to hold your audit logs. For example:
Billed at our normal rates.
Audit Log Share:
Billed at a higher rate.
Starts at 150 GB, and is automatically grown as required in 150 GB increments. This share is not to be used for any other purpose.
You Configure CIFS Auditing for the share you requested,
The resultant CIFS Audit Log files are automatically stored on the Audit Log Share,
Following is the default configuration for CIFS audit logging:
- A CornellAD group containing only CornellAD “doc” accounts is required to configure the CIFS Audit Logs. Personal NetID’s are not allowed within this group.
- Log files are saved to this share as “filename.evt”, accessible via the Windows Event Viewer application.
- Log files will rotate at least daily.
- Log files will rotate more frequently upon approaching 5 GB capacity per log.
- Log files will contain the creation date/time in their filenames.
- Up to 100 log files will be maintained.
- Your Audit Log Share starts at 150 GB, and will be grown automatically in 150 GB units.