
Audit logging

An audit log is a record of commands executed at the console, through a Telnet shell, an SSH shell, or by using the rsh command. All the commands executed in a source file script are also recorded in the audit log. Administrative HTTP operations, such as those resulting from the use of FilerView, are logged. All login attempts to access the storage system, whether they succeed or fail, are also audit-logged.

In addition, changes made to configuration and registry files are audited. By default, read-only APIs are not audited, but you can enable auditing for them with the auditlog.readonly_api.enable option.

By default, Data ONTAP is configured to save an audit log. The audit log data is stored in the /etc/log directory in a file called auditlog.

For configuration changes, the audit log shows the following information:
  • What configuration files were accessed
  • When the configuration files were accessed
  • What has been changed in the configuration files

For commands executed through the console, a Telnet shell, an SSH shell, or by using the rsh command, the audit log shows the following information:
  • What commands were executed
  • Who executed the commands
  • When the commands were executed

The maximum size of the auditlog file is specified by the auditlog.max_file_size option. The maximum size of an audit entry in the auditlog file is 200 characters. An audit entry is truncated to 200 characters if it exceeds the size limit.

Every Saturday at midnight, the /etc/log/auditlog file is copied to /etc/log/auditlog.0, /etc/log/auditlog.0 is copied to /etc/log/auditlog.1, and so on. This also occurs if the auditlog file reaches the maximum size specified by auditlog.max_file_size.

The system saves auditlog files for six weeks, unless any auditlog file reaches the maximum size, in which case the oldest auditlog file is discarded.

You can access the auditlog files using your NFS or CIFS client, or using HTTP.
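The following Python helper is an added example, not part of the Data ONTAP documentation. It reads the rotated files from an NFS- or CIFS-mounted copy of /etc/log in chronological order and flags entries that reach the 200-character limit, since those may have been truncated. It assumes that a higher numeric suffix means an older file, makes no assumption about the layout of an entry, and uses hypothetical function names and constructed sample data.

```python
import re
import tempfile
from pathlib import Path

MAX_ENTRY_CHARS = 200  # per-entry limit stated in the text above
ROTATED = re.compile(r"^auditlog(?:\.(\d+))?$")  # auditlog, auditlog.0, auditlog.1, ...

def ordered_audit_files(log_dir):
    """Return auditlog files oldest first: highest suffix ... auditlog.0, auditlog."""
    found = []
    for p in Path(log_dir).iterdir():
        m = ROTATED.match(p.name)
        if m and p.is_file():
            # The live file has no suffix; rank it as newest with -1.
            rank = int(m.group(1)) if m.group(1) is not None else -1
            found.append((rank, p))
    return [p for _, p in sorted(found, key=lambda t: t[0], reverse=True)]

def read_entries(log_dir):
    """Yield (file name, line number, entry, maybe_truncated) in chronological order."""
    for path in ordered_audit_files(log_dir):
        with open(path, encoding="utf-8", errors="replace") as fh:
            for n, line in enumerate(fh, 1):
                entry = line.rstrip("\r\n")
                if entry:
                    # Assumption: an entry at the limit was cut by the logger.
                    yield path.name, n, entry, len(entry) >= MAX_ENTRY_CHARS

def build_sample_dir():
    """Constructed sample data; the line text is invented, not Data ONTAP's format."""
    d = Path(tempfile.mkdtemp())
    (d / "auditlog.1").write_text("constructed entry A\n")
    (d / "auditlog.0").write_text("constructed entry B " + "x" * 180 + "\n")
    (d / "auditlog").write_text("constructed entry C\n")
    (d / "auditlog.bak").write_text("not an audit file\n")  # ignored by the pattern
    return d

if __name__ == "__main__":
    for name, n, entry, cut in read_entries(build_sample_dir()):
        print(f"{name}:{n} {'POSSIBLY TRUNCATED ' if cut else ''}{entry[:60]}")
```

Because rotation also happens when the file reaches auditlog.max_file_size, the numeric suffix gives the order of the files but not a fixed calendar week.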

Note: You can also configure auditing specific to your file access protocol. For more information, see the Data ONTAP File Access and Protocols Management Guide.