Q) In this situation, what is the correct way to monitor the file share ?
A) A file server failover cluster can be built in different ways, listing some of them:
1. using file server role, the target item can be specified as UNC path using network name of the file server role (e.g. \\network name of file server role\share) or like computer object (e.g. FQDN, netbios, IPv4 of of file server role)
2. without file server role, here you can specify the target item using the cluster name the same way as described in first point, like UNC path or computer object.
Following the above mentioned settings, Netwrix Auditor automatically checks for active cluster node and collect the data accordingly.
If anything does not make sense, please feel free to ask.
We are still facing issue collecting event on file share server changes from Customer Cluster File Share server.
Below is the issue reported.
Ticket #:00260612
Brief description:Monitor Plan created & executed successfully but no data is collected
In customer environment, they are using $ as hidden drive in the UNC path
\\egwgwgfs\T$\sharedfolder
Based on the documentation:-
If you specify a single computer name, Netwrix Auditor will monitor all shared folders on this computer. Netwrix Auditor does not track content changes on folders whose name ends with the $ symbol (which are either hidden or administrative/system folders). In order for the report functionality to work properly, you need to configure audit settings for each share folder on the computer separately. Otherwise, reports will contain limited data and warning messages.
Will Netwrix support this UNC path \\egwgwgfs\T$\sharedfolder in term of track changes ?