6.5 HP StoreAll OS User Guide

ManualsBrandsHP ManualsStorageHP X9320 IB 21.6TB Network Storage System

301

302

303

304

305

306

307

308

309

310

Monitor the space used by the audit logs and reports in the <mount point>/.archiving/.database

tree, which includes current metadata and the audit log history. To reduce the space used, reduce

the number of events enabled for auditing and/or shorten the time specified in the Audit Log

Expiration Policy box.

Managing audit log reports

Audit log reports include metadata for selected file system events that occurred during a specific

time period. To generate an audit log report, click Run a Report on the Audit Log panel. Specify

the parameters for the report on the Run an Audit Log Report dialog box:

Table 33 Fields on the Audit Log Report dialog box

DescriptionField

Select one of the following options:Sort Order

• Sort By Timestamp. Lists all events ordered by timestamp.

• Sort By Pathname. Lists all file events ordered by file name.

• Unsorted. Lists all events without using any sort order.

Select the desired start date for the audit logs.Start Date

Select the desired end date for the audit logs.End Date

Select audit logs for files within the given absolute file path. The mount point

must be omitted.

File Path

Identifies the events that are either disabled or enabled. When auditing in

first enabled, all events are disabled by default. You can manage events as

follows:

Disabled Events and Enabled Events

• Click the double right arrow to move all events from the Disabled Events

box to the Enabled Events box.

• Click the double left arrow to move all events from the Enabled Events

box to the Disabled Events box.

• Select an individual event in either box and click the appropriate single

arrow (left or right) to either enable or disable it.

• Select a category of events to move all of the events in that category to

the Enabled Events box. See Table 34 (page 304) for the list of events by

category.

When generating audit log reports, consider the following guidelines:

• Although you can select any of the events for a report, an event must be selected for auditing

to appear in the report. Use ibrix_fs -A or the Modify Audit Settings dialog box to change

the events selected for auditing.

• Directory rename events are displayed as a file rename events in the audit log reports. For

example, if you rename directory_a to directory_b, the audit log reports display the event as

follows:

Event: FILE_RENAMED PATHNAME= directory_b

• If the NFS clients receives the requested data from its own cache, the read operation is not

logged in the audit report.

• Attempts to violate access permissions are not audited. For example, any attempts to read,

modify or delete a file outside of a user's permissions will fail, and the attempts will not be

logged in the audit log report.

• If auditing is enabled and the file system segment is full, most operations will fail, returning

error code "-28 (ENOSPC)" to the application. Because events cannot be logged, the operations

are blocked. The only operations permitted in this situation are Read, Unlink, and RmDir.

These operations will complete, but no logging of these events will occur in the audit log or

302 Express Query