If you do not allow any missing logs during these steps, stop access from users by means such as stopping associated shares, etc.
If you must backup the security.evt already in use, disable auditing and save the file in prior to the steps below.
For details, refer to
https://dl.dell.com/content/manual69194096-dell-emc-unity-family-configuring-hosts-to-access-smb-file-systems.pdf?language=en-us
Change the location of security.evt file from default ( \\SMB_server_netbios_name\C$\.etc\audit\security.evt ) to custom location on a NAS filesystem:
As Domain Admin, open the Windows Registry Editor: Start>Run>regedit and select "File -> "Connect Network Registry" and enter SMB server hostname/IPaddress/FQDN to connect:
Once connected you see the local and remote registry, expand the following tree and highlight "Security":
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Eventlog/Security
When the "File" entry is changed to a new location, the security file is created:
Path used is C:\UnityNASFS\1\security.evt.
Connect to the target CIFS server referring to https://support.emc.com/kb/501783.
Then navigate to Security, right-click it and Clear all Events in order for the change to take effect.
Change the size of the security.evt file from default size of 512 KB to a custom size:
The size can be changed in registry, a few lines under the "File" location, "MaxSize" can be specified.
The size of security.evt file can as well be specified by using "Event Viewer" on Windows.
Connect to remote computer and choose SMB server using hostname/IPaddress/FQDN:
Right-click Security and select properties:
If you have stopped associated shares or disabled auditing, enable auditing and start the associated shares again.
NAS Server/SMB server and Filesystem used for this example are:
NAS Server = UnityNAS
SMB Server =
\\unitynas.supportw2k8.muc.de
Filesystem = UnityNASFS