File access audit logs

Enable the file access audit option to generate audit events for all:

User logins
User logoffs
File operations for both NFS and SMB protocols

The logs are created for each VFS (Virtual File Server). You can view the list of generated log files and perform view/delete operation on those log files.

The details about audit command, user, role, time stamp, and the status of the action is available in audit logs.

The events include IP address of the client and location of the file which is accessed. In addition for SMB, the events will have username and SID and for NFS, the events include UID and GID details. File access audit is provided for HPE SMB and NFS to start with File Persona actions.

NOTE:

UID/GID Guidelines:

For File Persona 1.4 and earlier, the ID value must be between 1000 and 65535.
For File Persona 1.5 and later, the ID value must be between 100 and 1000000000 but not 65534.

Log rotation and compression are based on fixed file size, specified time (in minutes), or number of files. User can also delete logs based on retention period set.