volume audit
Enables or disables auditing on the specified volume.
You must have the fc
permission on the cluster to use this command. See
acl
for details about this
permission.
To learn how to determine whether auditing is enabled for a volume, see Checking Whether Auditing is Enabled for a Directory, File, or HPE Ezmeral Data Fabric Database Table.
Syntax
- CLI
maprcli volume audit [ -cluster <cluster name> ] -name <volume name> [-dataauditops <+|-operations>] [ -enabled <true|false> ] [ -forceenable true|false ] [ -coalesce <interval in minutes> ]
- REST
Request Type POST Request URL http[s]://<host>:<port>/rest/volume/audit?<parameters>
Parameters
Parameter |
Description |
---|---|
cluster | The cluster on which the volume is located. This parameter is required
if the volume is on a remote cluster. The remote cluster must be listed in
the mapr-clusters.conf file for the cluster where you run the
command. |
coalesce | The interval of time during which READ, WRITE, or GETATTR operations on
one file from one IP address or UID are logged only once for a particular
operation, if auditing is enabled. For example, suppose that a client application reads a single file three times in 6 minutes, so that there is one read at 0 minutes, another at 3 minutes, and a final read at 6 minutes. If the coalesce interval is at least 6 minutes, then only the first read operation is logged. However, if the interval is between 4 minutes, then only the first and third read operations are logged. If the interval is 2 minutes, all three read operations are logged. Now however, if the client was also writing to the file, irrespective of the coalesce interval for the read operation in the example stated previously, the write operation is logged, as it is a different operation from reading. The default value is 60 minutes. Setting this field to a larger number helps prevent audit logs from growing quickly. |
dataauditops | The comma separated list of filesystem operations to include (specified
with a preceding plus sign (+ )) and/or exclude (specified
with a preceding minus sign (- )) from auditing. NOTE If
the first operation in the list is to be excluded from auditing, it must
be preceded by two minus (-- ) signs. Subsequent
operations to exclude must be preceded by only a single minus
(- ) sign, whether or not the first operation was
included (using a plus (+ ) sign) or excluded (using two
minus (-- ) signs). If neither sign is specified, the
given operation is included for auditing.The operations that
can be included (
NOTE You can specify a mixed list of included and excluded operations.
There are no changes to operations that are not specified with the
command. |
enabled | Enables or disables the auditing of operations within the volume. You
must use either this parameter, the -coalesce parameter, or
both.See Enabling Auditing for the steps to enable auditing on directories, files, and tables in a volume. When you set the value
to false, auditing of operations within the volume ceases. None of the
auditing settings are changed on the directories, files, and HPE Ezmeral Data Fabric Database tables within the volume. If you later
run the |
forceenable | Enables or disables auditing of all directories, files, tables, and streams in the volume whether or not auditing is enabled at the individual file, table, and/or stream level. |
name | The name of the volume. |
Examples
Enable Auditing for a volume
The following example shows how to enable auditing for the volume “auditVolume”:
maprcli volume audit -name auditVolume -enabled true
curl -X POST 'https://abc.sj.us:8443/rest/volume/audit?name=auditVolume&enabled=true' --user <username>:<password>
Modify the list of operations to audit
The following example shows how to specify the operations to audit. Here,
create
operation is included for auditing and
lookup
operation is excluded from auditing. There are no changes to
operations that are not specified.
maprcli volume audit -name sampleAuditVolume -dataauditops +create,-lookup
curl -X POST 'https://server.sj.us:8443/rest/volume/audit?name=sampleAuditVolume&dataauditops=%2Bcreate%2C%2Dlookup' --user <username>:<password>