Issue

When adding a NAS filer such as a NetApp or EMC Isilon to Data Insight, audit events can be configured to be sent to Data Insight via that filer's audit utility.

In Data Insight, those audit events are parsed against the configured shares for scanning. If there are nested shares, then the events will be dropped from the shared folder that exists in the file system of another share.

To illustrate this hierarchy, clients view the shares on the server IADATA01 as:

Where the share called "NestedShare" exists as a sub-directory of the share called "Applications"

Any audit events coming in for users that have access to \\IADATA01\NestedShare will be dropped as the share "Application" exists as a configured share in Data Insight.

Nested shares are not supported in Data Insight. Nested shares raise issues about which share to submit the audit event against and the potential to duplicate events. It is expected that access to the file system is handled in a more granular way with shares and using file system groups.

Remove the parent shares from Data Insight and auditing will automatically resume.