Modifying a file system audit policy

File Service Administration Guide for Hitachi NAS Platform

Version: 14.9.x
Part Number: MK-92HNAS006-31
  1. Navigate to Home > File Services > File System Audit Policies.
    If the file system with the audit policy you want to change is not displayed, change the currently selected EVS to display the EVS hosting the file system with the audit policy you want to change. To select a different EVS, click change to go to the Select an EVS page, in which you can select a different EVS.
  2. Click the details button on the file system with the audit policy you want to modify to display the File System Audit Policy Details page.


    The following table describes the fields on this page:

    Field/Item: Description

    EVS/File System: Lists the currently selected EVS and file system, to which the audit policy will apply. Click change to go to the Select a File System page, where you can select a different EVS and file system.

    Auditing: Indicates whether file system auditing is enabled or disabled. Click enable or disable to toggle the auditing mode.

    Access via Unsupported Protocols: When clients attempt to access the file system through a protocol that does not support auditing (such as NFSv2), this setting determines if those clients are permitted to access the file system. You can select either:
      • Deny Access. Client access to the file system using unauditable protocols (such as iSCSI) is denied.
      • Allow Access. Allows client access to the file system using unauditable protocols (such as iSCSI), but does not create any auditing events.

    Audited Protocols: Specifies which protocols are audited. You can select either:
      • smb. Only the SMB protocol is audited. Access to SMB is always allowed, and access through other protocols is determined through the Other Protocol Support option.
      • smb,nfsv3. Both the SMB and NFSv3 protocols are audited. Access to SMB and NFSv3 is always allowed, and access through other protocols is determined via the Other Protocol Support option.

    External: Stops the audit records from being stored locally (including audit log backups) and instead only makes them available to an external audit log server. To configure an external logging server, use the audit-syslog CLI command or, for third-party audit logging applications, configure an audit log consolidated cache and then read the audit logs using the Windows EVENTLOG protocol.

    Active Log File Name: Specifies the file name for the file system audit log. The file name must have an .evt extension. The default file name is audit.evt.

    Logging Directory: Specifies the directory within the file system in which the file system audit log files are saved. You can use the browse button to search for an existing directory, or enter the name of a directory to be created.

    Maximum Log File Size: Specifies the maximum size of the active audit log file in KiB or MiB. The default is 512 KiB. The maximum value is 50 MiB.

    Log roll over policy: Determines what the system does once the active audit log file is full (when it reaches the Maximum Log File Size). You can select either:
      • Wrap, which causes the system to delete the oldest existing audit entry to allow room for a new entry.
      • New, which causes the system to create a new active audit log file. The default is New.

    Backup Interval: Specifies the time (in minutes) between automatic backups of the active audit log. The backup interval must be between 5 and 14400 minutes (10 days). A value of 0 disables the automatic backups. The default is 0.

    Number of files to retain: Specifies the number of backup audit log files to retain. The default is 10.
  3. Modify the policy as required.
  4. Click OK to save the policy as specified.
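
Before saving a changed policy, the values can be reviewed against the limits in the table and checked for settings that leave access unaudited or let entries be overwritten. The following is an added example, not code from the guide or the product: the dictionary keys are hypothetical names for the fields on the page, and the sample policies are constructed.

```python
KIB, MIB = 1024, 1024 * 1024

def review_audit_policy(p):
    """Return (severity, message) findings for one policy dict (hypothetical keys)."""
    out = []
    if not p["auditing_enabled"]:
        out.append(("gap", "auditing is disabled"))
    if p["unsupported_protocol_access"] == "allow":
        out.append(("gap", "unauditable protocols allowed; they create no audit events"))
    if p["audited_protocols"] not in ("smb", "smb,nfsv3"):
        out.append(("invalid", "audited protocols must be smb or smb,nfsv3"))
    if p["external"]:
        # Assumption: with External set, records are not stored locally,
        # so the local log settings below are not checked.
        return out
    if not p["log_file_name"].endswith(".evt"):
        out.append(("invalid", "active log file name must have an .evt extension"))
    if not 0 < p["max_log_bytes"] <= 50 * MIB:
        out.append(("invalid", "maximum log file size must be at most 50 MiB"))
    if p["rollover"] not in ("wrap", "new"):
        out.append(("invalid", "roll over policy must be Wrap or New"))
    interval = p["backup_interval_min"]
    if interval != 0 and not 5 <= interval <= 14400:
        out.append(("invalid", "backup interval must be 0 or 5-14400 minutes"))
    if p["rollover"] == "wrap" and interval == 0:
        out.append(("gap", "Wrap deletes oldest entries and automatic backups are off"))
    return out

# Constructed sample: the defaults listed in the table, with unsupported
# protocols denied (the table states no default for that field).
BASELINE = {
    "auditing_enabled": True, "unsupported_protocol_access": "deny",
    "audited_protocols": "smb,nfsv3", "external": False,
    "log_file_name": "audit.evt", "max_log_bytes": 512 * KIB,
    "rollover": "new", "backup_interval_min": 0,
}
# Constructed samples with deliberately weak or out-of-range values.
WEAK = dict(BASELINE, unsupported_protocol_access="allow", rollover="wrap",
            log_file_name="audit.log", max_log_bytes=64 * MIB,
            backup_interval_min=3)
WRAP_ONLY = dict(BASELINE, rollover="wrap")

if __name__ == "__main__":
    for name, policy in (("baseline", BASELINE), ("weak", WEAK), ("wrap", WRAP_ONLY)):
        for severity, message in review_audit_policy(policy):
            print(f"{name}: [{severity}] {message}")
```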