Azure Files
An Azure service that offers file shares in the cloud.
1,414 questions
Diagnostic logs and Azure File Share
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 94%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Benmehidi, Hamza (TI-CSTI)
1
Reputation point
Is there a way to have the userID (or UserSID or anything that could help identify a user) on an SMB event like create or delete ? it seems thats there are 2 kind of SMB events :
- events (like create or delete) that have a USERSID but the URI points to the file share root (\stoaccount.file.core.windows.net\nameshare)
- events (like create or delete) that don't have any informations related to the events but have a correct URI (\stoaccount.file.core.windows.net\nameshare\nameoffile)
i tried solving this issue with the support team but they didn't found a solution to this question , we could'nt even know what the first category of events refer to. which means right now we can't use the log activities as we will miss things or misunderstand events . do anyone use Azure Diag logs on azure file ? it's a critical point for our migration (as we have audit logs on-premise)
Azure Files
{count} votes
-
Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator2021-08-31T10:16:53.83+00:00 @Benmehidi, Hamza (TI-CSTI) Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Can you share the case ID, let me check what all troubleshooting steps they have performed on this issue?
-
Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
2021-09-02T15:37:00.57+00:00 @Benmehidi, Hamza (TI-CSTI) Just checking in to see if you have had a chance to see the previous response. Could you share the above required information to understand/investigate this issue further?
Sign in to comment
Sign in to answer