Supported event types

You can view or modify the event types that are audited in an access zone.

Event name
Example protocol activity
Audited by default
Can be exported through CEE
Cannot be exported through CEE
create
  • Create a file or directory
  • Open a file, directory, or share
  • Mount a share
  • Delete a file
    Note Image

    While the SMB protocol allows you to set a file for deletion with the create operation, you must enable the delete event in order for the auditing tool to log the event.

X
X
 
close
  • Close a directory
  • Close a modified or unmodified file
X
X
 
rename
Rename a file or directory
X
X
 
delete
Delete a file or directory
X
X
 
set_security
Attempt to modify file or directory permissions
X
X
 
read
The first read request on an open file handle
 
X
 
write
The first write request on an open file handle
 
X
 
get_security
The client reads security information for an open file handle
 
 
X
logon
SMB session create request by a client
 
 
X
logoff
SMB session logoff
 
 
X
tree_connect
SMB first attempt to access a share
 
 
X