ONTAP 9.14.1 commands

vserver object-store-server audit create

Create an audit configuration

Availability: This command is available to cluster and Vserver administrators at the admin privilege level.

Description

The vserver object-store-server audit create command creates an audit configuration for a Vserver.

When you create an object store audit configuration, you can also specify the rotation method. By default, the audit log is rotated based on size.

You can use the time-based rotation parameters in any combination (-rotate-schedule-month , -rotate-schedule-dayofweek , -rotate-schedule-day , -rotate-schedule-hour , and -rotate-schedule-minute ). The -rotate-schedule-minute parameter is mandatory. All other time-based rotation parameters are optional.

The rotation schedule is calculated by using all the time-related values. For example, if you specify only the -rotate-schedule-minute parameter, the audit log files are rotated based on the minutes specified on all days of the week, during all hours on all months of the year. If you specify only one or two time-based rotation parameters (say -rotate-schedule-month and -rotate-schedule-minutes ), the log files are rotated based on the minute values that you specified on all days of the week, during all hours, but only during the specified months. For example, you can specify that the audit log is to be rotated during the months January, March, and August on all Mondays, Wednesdays, and Saturdays at 10:30.

If you specify values for both -rotate-schedule-dayofweek and -rotate-schedule-day , they are considered independently. For example if you specify -rotate-schedule-dayofweek as Friday and -rotate-schedule-day as 13 then the audit logs would be rotated on every Friday and on the 13th day of the specified month, not just on every Friday the 13th.

Parameters

-vserver <vserver name> - Vserver

This parameter specifies the name of the Vserver on which to create the audit configuration. The Vserver must already exist.

-destination <text> - Log Destination Path

This parameter specifies the audit log destination path where consolidated audit logs are stored. If the path is not valid, the command fails. The path can be up to 864 characters in length and must have read-write permissions.

[-events {data|management}] - Categories of Events to Audit

This parameter specifies the categories of events to be audited. Supported event categories are: data and management events, The corresponding parameter values are: data , management .

[-format <json>] - Log Format

This parameter specifies the output format of the audit logs. By default, the output format is JSON.

[-rotate-size {<size>|-}] - Log File Size Limit

This parameter specifies the audit log file size limit. By default, the audit log is rotated based on size. The default audit log size is 100 MB.

[-rotate-schedule-month <cron_month>,…​] - Log Rotation Schedule: Month

This parameter specifies the monthly schedule for rotating the audit log. For example, you can specify that the audit log is to be rotated during the months January, March, and August, or during all the months. Valid values are January, February, March, April, May, June, July, August, September, October, November, December, and all. Specify "all" to rotate the audit logs every month.

[-rotate-schedule-dayofweek <cron_dayofweek>,…​] - Log Rotation Schedule: Day of Week

This parameter specifies the daily (day of the week) schedule for rotating the audit log. For example, you can specify that the audit log is to be rotated on Tuesdays and Fridays, or during all the days of a week. Valid values are Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and all. Specify "all" to rotate the audit logs every day.

[-rotate-schedule-day <cron_dayofmonth>,…​] - Log Rotation Schedule: Day

This parameter specifies the day of the month schedule for rotating the audit log. For example, you can specify that the audit log is to be rotated on the 10th and 20th days of a month, or all days of a month. Valid values range from 1 to 31.

[-rotate-schedule-hour <cron_hour>,…​] - Log Rotation Schedule: Hour

This parameter specifies the hourly schedule for rotating the audit log. For example, you can specify that the audit log is to be rotated at 6 a.m and 10 a.m. Valid values range from 0 (midnight) to 23 (11:00 p.m.). Specify "all" to rotate the audit logs every hour.

[-rotate-schedule-minute <cron_minute>,…​] - Log Rotation Schedule: Minute

This parameter specifies the minute schedule for rotating the audit log. For example, you can specify that the audit log is to be rotated at the 30th minute. Valid values range from 0 to 59.

{ [-rotate-limit <integer>] - Log Files Rotation Limit

This parameter specifies the audit log files rotation limit. A value of 0 indicates that all the log files are retained. The default value is 0. For example, if you enter a value of 5, the last five audit logs are retained.

| [-retention-duration <[<integer>d][<integer>h][<integer>m][<integer>s]>] - Log Retention Duration }

This parameter specifies the audit log files retention duration. A value of 0s indicates that all the log files are retained. The default value is 0s. For example, if you enter a value of 5d0h0m, logs more than 5 days old are deleted.

Examples

The following examples create an audit configuration for Vserver vs1 using size-based rotation.

cluster1::> vserver object-store-server audit create -vserver vs1 -destination /audit_log -rotate-size 10MB -rotate-limit 5

The following example creates an audit configuration for Vserver vs1 using time-based rotation. The audit logs are rotated monthly, all days of the week, at 12:30.

cluster1::> vserver object-store-server audit create -vserver vs1 -destination /audit_log -rotate-schedule-month all -rotate-schedule-dayofweek all -rotate-schedule-hour 12 -rotate-schedule-minute 30

The following example creates an audit configuration for Vserver vs1 using time-based rotation. The audit logs are rotated in January, March, May, July, September, and November on Monday, Wednesday, and Friday, at 6:15, 6:30, 6:45, 12:15, 12:30, 12:45, 18:15, 18:30, and 18:45. The last 6 audit logs are retained.

cluster1::> vserver object-store-server audit create -vserver vs1 -destination /audit_log -rotate-schedule-month January,March,May,July,September,November -rotate-schedule-dayofweek Monday,Wednesday,Friday -rotate-schedule-hour 6,12,18 -rotate-schedule-minute 15,30,45 -rotate-limit 6

The following example creates an audit configuration for Vserver vs1 for auditing object store data access events in the output log format Json.

cluster1::> vserver object-store-server audit create -vserver vs1 -destination /audit_log -format json -events data
Top of Page