auditing file access with samba and splunk

published on
Preamble The other week, we had an issue with our working production data on our ZFS file servers. We have a running service that uses a CIFS share to extract file contents, read in a XML file, and then from that file, build out a directory structure based on a field in that order file. I won’t get into the horrible details, but we eventually discovered that this service does not halt or error an order if that field is missing! Read More...