Setting up audit logging
Applies To: Windows Server 2003 R2
To set up logging using the Windows interface
Open Microsoft Services for Network File System: click Start, point to Programs, point to Administrative Tools, and then click Microsoft Services for Network File System.
If necessary, connect to the computer you want to manage.
Right-click Server for NFS, and then click Properties.
Click the Audit Logging tab.
To record audited events in the Event Viewer application log, select Log events to event log.
To record audited events in a file, select Log events to the following text file. In the text box, type the name of the log file, or click Browse to find the file, and then in Maximum file size, increase the maximum size for the log file, if desired (default: 64MB).
In Server for NFS Events, select the events to audit from the following options:
Mount and unmount shares.
Lock and unlock files.
Read files.
Write files.
Create files.
Delete files.
All events listed above.
To save the settings, click Apply.
Note
By default, no events are audited. If recording audited events to a text file, the log file must be on your local computer. To stop logging an event, clear its check box. If you choose to record Server for NFS audited events in the event log, the string corresponding to the file name could be truncated due to a system limitation. One solution to this problem is to record audited events to a text file. On a server cluster, it is recommended that you record audited events to the Event Viewer because its data replicates to all the nodes in the cluster. In this scenario, recording audited events to a text file in addition to the event log can help associate complete file names with a particular audit log entry.