Skip to content

Get-NtfsAuditFileActivity

SYNOPSIS

Retrieve a list of accessed files from NetApp audit logs via Kibana.

SYNTAX

Get-NtfsAuditFileActivity [-unc] <String> [[-Months] <Int32>] [[-pwstateid] <String>]
 [[-Credential] <PSCredential>] [<CommonParameters>]

DESCRIPTION

This function retrieves a list of files that have been read or written to, along with the number of actions and the last action date, based on the specified UNC path. It queries the NetApp audit logs via Kibana and supports filtering by a specified time range.

EXAMPLES

EXAMPLE 1

Get-NtfsAuditFileActivity -unc "\\groepgent\data\District09"

Retrieves a list of all files accessed in the last 12 months on the UNC path "\\groepgent\data\District09" and their last action dates.

EXAMPLE 2

Get-NtfsAuditFileActivity -unc "\\groepgent\data\Finance" -months 6

Retrieves a list of all files accessed in the last 6 months on the UNC path "\\groepgent\data\Finance" and their last action dates.

PARAMETERS

-unc

The UNC path to filter the audit logs for file activity.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Months

The number of months to look back for file activity. Defaults to 12 months. The maximum value is 12.

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: 12
Accept pipeline input: False
Accept wildcard characters: False

-pwstateid

The PasswordState ID for the credentials used to access the Elastic server. Defaults to '28410'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: 28410
Accept pipeline input: False
Accept wildcard characters: False

-Credential

A PSCredential object containing the credentials to use for accessing the Elastic server. If not provided, the function will attempt to retrieve the credentials from PasswordState.

Type: PSCredential
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES