Set Up Audit Logging
Applies To: Windows Server 2008
Setting up audit logging
The following procedure describes the process of setting up audit logging for Server for NFS.
To set up logging using the Windows interface
Open Services for Network File System: click Start, point to Programs, point to Administrative Tools, and then click Services for Network File System (NFS).
If necessary, connect to the computer you want to manage.
Right-click Server for NFS, and then click Properties.
Click the Audit Logging tab.
To record audited events in the Event Viewer application log, select Log events to event log.
To record audited events in a file, select Log events to the following text file. In the text box, type the name of the log file, or click Browse to find the file, and then in Maximum file size, increase the maximum size for the log file, if desired (default: 64 MB).
In Server for NFS Events, select the events to audit from the following options:
Mount and unmount shares
Lock and unlock files
Read files
Writefiles
Createfiles
Deletefiles
All events listed above
To save the settings, click Apply.
Note
By default, no events are audited. If recording audited events to a text file, the log file must be on your local computer. To stop logging an event, clear its check box. If you choose to record Server for NFS audited events in the event log, the string corresponding to the file name could be truncated due to a system limitation.
One solution to this problem is to record audited events to a text file. On a server cluster, we recommend that you record audited events to Event Viewer because its data replicates to all the nodes in the cluster. In this scenario, recording audited events to a text file in addition to the event log can help associate complete file names with a particular audit log entry.