Audit Logs
Web Access audit logs track user-related events that occur within the appliance, including file access and use of shared links.
File system access is logged using the standard file system audit events such as “Create Directory” and “Read File”. Web Access adds other audit events such as “Create Shared Link” and “Access Shared Link”.
Auditing is configured for a given volume and filer; it is disabled by default. Once volume auditing is enabled, shared link audit events are always logged. To log file system audit events, select the “Event Types” you are interested in. We recommend Create, Delete, Rename, Write, and Read to limit the number of events generated. For configuration, see Chapter 7: Volumes Page.
Audit Events
Category | Event | Notes | Version |
|---|---|---|---|
Shared Link | Create Shared Link | < 10.0 | |
Shared Link | Access Shared Link | user is the person who created the link. | < 10.0 |
Shared Link | Modify Shared Link | Not used since 10.1. Reserved for future use. | < 10.0 |
Shared Link | Delete Shared Link | user is the person who created the link. (Links can be deleted through the NMC). | < 10.0 |
Shared Link | Regenerate Shared Link | Not used since 10.1 | < 10.0, removed in 10.1 |
Read, Security, Close, Create, Metadata, and so forth. | Create Directory, Create File, Read File, Read Directory, and so forth. | client IP is ::1 or blank. When accessing files through a shared link user is the person who created the link. | < 10.0 |
Examples
Create Shared Link
Field | Example |
|---|---|
timestamp(UTC) | 2025-01-20 10:50:51.415811 |
category | Shared Link |
event type | Create Shared Link |
path/from | /folder_name/filename.png |
new path/to | |
user | CARBON\test_user_1 |
group | CARBON\domain users |
sid | S-1-5-21-1232635305-2242535681-3090488443-1109 |
share/export name | Automation |
volume type | CIFS |
client IP | 172.5.0.25 |
snapshot timestamp(UTC) | |
shared link | NznqhudSVDlD2cnmkdPpODJ8syKE1ydF |
Access Shared Link
Field | Example |
|---|---|
timestamp(UTC) | 2025-01-20 10:50:51.415811 |
category | Shared Link |
event type | Access Shared Link |
path/from | /folder_name/filename.png |
new path/to | |
user | CARBON\test_user_1 |
group | CARBON\domain users |
sid | S-1-5-21-1232635305-2242535681-3090488443-1109 |
share/export name | Automation |
volume type | CIFS |
client IP | 172.5.0.25 |
snapshot timestamp(UTC) | |
shared link | NznqhudSVDlD2cnmkdPpODJ8syKE1ydF |
Delete Shared Link
Field | Example |
|---|---|
timestamp(UTC) | 2025-01-20 10:50:51.415811 |
category | Shared Link |
event type | Delete Shared Link |
path/from | /folder_name/filename.png |
new path/to | |
user | CARBON\test_user_1 |
group | CARBON\domain users |
sid | S-1-5-21-1232635305-2242535681-3090488443-1109 |
share/export name | Automation |
volume type | CIFS |
client IP | 172.5.0.25 |
snapshot timestamp(UTC) | |
shared link | NznqhudSVDlD2cnmkdPpODJ8syKE1ydF |