Is there a way to pipe SMB Audit logs from on-prem to ephemeral storage within Azure, and then parse the contents to a database?

Question

Is there a way to pipe SMB Audit logs from on-premise CTERA edge filer to an ephemeral storage container within Azure, and then parse the contents to a database? This would allow security audits to be analyzed or reported on based on specific time, user, folder or file path, etc. What tools could be used for this?

Answer

Hello @Robert Hodges ,
Thanks for the question and using MS Q&A platform.

As we understand the ask here is if we can copy the contents of the audit logs to the database , please do let us know if its not accurate.
Let me start with that i have never seen the audit logs for CTERA edge filer , but after read your ask , just went through the link https://kb.ctera.com/docs/viewing-logs-1 .
I think we can do what you want using Azure Synapse Analytics . Since you logs are in-premise , you will have to use the Self hosted runtime * read more here .
Once you have the connection to the in-premise you can use the copy activity for data flow move or transform the data .
Copy activity : https://learn.microsoft.com/en-us/azure/data-factory/copy-activity-overview
Mapping dataa flow : https://learn.microsoft.com/en-us/azure/data-factory/concepts-data-flow-overview

Please do let me if you have any queries.
Thanks
Himanshu

Please don't forget to click on or upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
Want a reminder to come back and check responses? Here is how to subscribe to a notification
- If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators

Is there a way to pipe SMB Audit logs from on-prem to ephemeral storage within Azure, and then parse the contents to a database?

1 answer