If you need to find if a user has viewed a specific file, purged a file or downloaded a bunch of files, you can use Morro Data Audit, which is included in the CloudNAS Enterprise plan. With Morro Data Audit, administrators can search the event log and session logs to view user and administrator activity in the system. Simply enable Audit on your shares and the system will collect all activity in a unified log.


To begin searching the logs, be sure to perform the following:


  • If you are not already, make sure your system is on the CloudNAS Enterprise Service plan. If you are not already on Enterprise, you can upgrade from the Account page in your Team Portal. When upgrading, your service plan bill will change. For more information on how to upgrade your plan, refer to the Upgrade section in the article: Manage Morro Account - Business Admin
  • Enable Audit on the Shares on where you want to collect file and session logs. For more information on how to enable Audit on a share, refer to the article: Audit - Settings


Note: Event and Session logging only begins after it's enabled on the Share. Previous events and sessions are not saved..


Session Logs

Session logs record the connections from clients to the network shares. Connections are filtered by user, date/time, share, and gateway. Within a session, the Audit process will log all events that occur such as file logs.



A session is defined by a connection to the share by a user. The session connection has a unique id associated with it. Once the specific session is found, the event logs for that session can be viewed in the Events page.


Click on the Session ID to create an Event Stream for that session.





Event Logs


Event logs record all the actions performed on a file. Event logs are managed in Event Streams which are created from the logged data based on user, date/time, share, and gateway.



Once an Event Stream is created, the event information can be filtered further by date/time, user, share, gateway, and file name and folder paths.



Click on SHOW DETAILS to view the results. Make note of the operations column which contains all actions performed on a file.



The following table lists the types of user actions through SMB or the MCM web portal and their corresponding operation commands in Morro Audit.



Audit expands Morro Data's security offerings by enabling administrators to view usage history. Through Audit and accompanying security features, organizations can also maintain compliance with data security and provisions such as HIPAA.