Accessing Audit Log JSON Files via NFS, S3, and SMB

Note: This process was evaluated against VAST 5.4.

Audit Access Configuration

To access the Audit Log JSON files, a user must be authorized to do so. Authorization can be granted either to the individual user explicitly or to a group the user is a member of. This is set in the VMS settings under Settings → Auditing → General.

Audit access configuration

View Creation

A View must then be created. Using the default View Policy is suggested but not required. If creating a new View Policy for audit access, use the NFS Security Flavor. Do not select Create Directory when creating the View, as the directory will already exist.

The Path must match what is set for the Audit Directory Name, which is /.vast_audit_dir by default.

Select the desired S3 Bucket Name or SMB Share Name as appropriate.

As the directory will already exist and is controlled elsewhere, the S3 Bucket Owner is not, and cannot be, specified. The Bucket Owner will automatically be shown as root once the View has been created.

Creating a new View

NFS and SMB Access

For NFS and SMB access, mount the View as any other NFS Export or SMB Share would be mounted. Note: Only the specified users and/or groups will have access to the directory and the audit files themselves. This View is strictly read-only. Files and permissions cannot be modified via NFS or SMB.

[pwags@pwags-se-lin1 ~]$ sudo mkdir /mnt/audit
[pwags@pwags-se-lin1 ~]$ sudo mount -o vers=3,sec=sys main.selab-var203.selab.vastdata.com:/.vast_audit_dir /mnt/audit/
[pwags@pwags-se-lin1 ~]$ cd /mnt/audit/
[pwags@pwags-se-lin1 audit]$ ls -l
total 0
d---------. 2 root root 4096 May 28 11:42 audit_env_3
d---------. 2 root root 4096 May 28 11:45 audit_env_5
[pwags@pwags-se-lin1 audit]$ ls -l audit_env_3/
total 246691
----------. 1 root root 252611466 May 28 11:47 audit_log_29_2026-05-28_18.42.28.141686167
[pwags@pwags-se-lin1 audit]$

Audit logs in Windows explorer
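
An added example (not part of the original article or VAST's own tooling): a Python inventory of the mounted audit directory that lists every audit file oldest first and flags names it does not recognise. The file-name pattern is inferred from the listing above; the number after `audit_log_` is treated as opaque, the time zone of the embedded timestamp is not stated on this page, and `/mnt/audit` is the mount point from the session above.

```python
import re
from datetime import datetime
from pathlib import Path

# Pattern inferred from the listing on this page (an assumption):
#   audit_log_29_2026-05-28_18.42.28.141686167
# The number after "audit_log_" is undocumented here and kept as an opaque value.
NAME_RE = re.compile(
    r"^audit_log_(?P<seq>\d+)_(?P<date>\d{4}-\d{2}-\d{2})_"
    r"(?P<time>\d{2}\.\d{2}\.\d{2})\.(?P<frac>\d{1,9})$"
)

def parse_name(name):
    """Return (timestamp, nanoseconds, seq) for an audit file name, or None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        ts = datetime.strptime(f"{m['date']}_{m['time']}", "%Y-%m-%d_%H.%M.%S")
    except ValueError:  # digits matched but are not a real date/time
        return None
    nanos = int(m["frac"].ljust(9, "0"))  # fractional seconds as nanoseconds
    return ts, nanos, int(m["seq"])

def inventory(mount_point):
    """List audit files under <mount>/audit_env_*/, oldest first."""
    found, skipped = [], []
    for env_dir in sorted(Path(mount_point).glob("audit_env_*")):
        if not env_dir.is_dir():
            continue
        for entry in env_dir.iterdir():
            parsed = parse_name(entry.name)
            if parsed is None:
                skipped.append(str(entry))  # report, never silently drop
                continue
            ts, nanos, seq = parsed
            found.append({"env": env_dir.name, "path": entry, "seq": seq,
                          "timestamp": ts, "nanos": nanos,
                          "size": entry.stat().st_size})
    found.sort(key=lambda f: (f["timestamp"], f["nanos"], f["env"]))
    return found, skipped

if __name__ == "__main__":
    files, odd = inventory("/mnt/audit")  # mount point used in the session above
    for f in files:
        print(f["env"], f["timestamp"].isoformat(), f["size"], f["path"].name)
    for p in odd:
        print("unrecognised name:", p)
```
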

S3 Access

For access using the S3 protocol, the user must have an S3 access key. Unlike other S3 access, no specific Identity Policy needs to be defined for the user, since access to the Audit Directory and its contents is controlled by the Audit settings.

[pwags@pwags-se-lin1 ~]$ aws s3 --profile var203 --endpoint http://main.selab-var203.selab.vastdata.com ls s3://audit
                           PRE audit_env_3/
                           PRE audit_env_5/
[pwags@pwags-se-lin1 ~]$ aws s3 --profile var203 --endpoint http://main.selab-var203.selab.vastdata.com ls s3://audit/audit_env_3/
2026-05-28 11:47:36  252611466 audit_log_29_2026-05-28_18.42.28.141686167
[pwags@pwags-se-lin1 ~]$