Diagnostic logs and Azure File Share

Benmehidi, Hamza (TI-CSTI) 1 Reputation point
2021-08-17T17:35:18.187+00:00

Is there a way to have the userID (or UserSID or anything that could help identify a user) on an SMB event like create or delete ? it seems thats there are 2 kind of SMB events :

  • events (like create or delete) that have a USERSID but the URI points to the file share root (\stoaccount.file.core.windows.net\nameshare)
  • events (like create or delete) that don't have any informations related to the events but have a correct URI (\stoaccount.file.core.windows.net\nameshare\nameoffile)

i tried solving this issue with the support team but they didn't found a solution to this question , we could'nt even know what the first category of events refer to. which means right now we can't use the log activities as we will miss things or misunderstand events . do anyone use Azure Diag logs on azure file ? it's a critical point for our migration (as we have audit logs on-premise)

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,183 questions
{count} votes