Audit Log Record Fields

  • Updated on Feb 1, 2026
  • Published on Jan 27, 2026
  • 2 minute(s) read
Prev Next

An audit log record can include the following fields:Viewing Protocol Audit Logs

Field Name

Description

AdsName

The SMB Alternative Data Stream (ADS) name, including information about affected internal handles.

BucketName

The S3 bucket name.

ClientIP

The IP from which the RPC was received.

ClusterName

The name of the cluster.

ClusterVip

The virtual IP on which the RPC was received.

CnodeName

The CNode name.

ConnectionType

Connection type for S3 requests: HTTP or HTTPS.

CreateAction

Indicates the SMB type of action, such as create, open, overwrite, or supersede a file.

CreateDisposition

SMB action to perform if the file specified in a create request already exists.

CreateOptions

SMB options applied when creating or opening the file.

DeleteOnClose

Whether the SMB request required the file to be deleted after all its handles were closed.

GrantedAccess

Permissions granted as a result of the NFSv4 access check.

GrantedPermissions

Permissions granted as a result of the NFSv3 access check.

InfoClass

The class of information obtained with the SMB GET_INFO request.

InfoType

The type of information set with the SMB SET_INFO request.

LoginName

The user name. Appears only if you configured VAST Cluster to log user login names and when this information could be retrieved from the authorization provider.

Name

The name of the file or directory, including information about affected internal handles.

ObjectType

The type of object the request acts upon: DIRECTORY, FILE, SYMLINK, BUCKET, OBJECT (for S3 objects) or UNKNOWN.

The object type of UNKNOWN is shown for failed requests only. It means that the request had failed before VAST Cluster was able to determine the correct object type from the request.

Path

The full Element Store path, including information about affected internal handles. This field appears only when VAST Cluster is configured to log full path.

Protocol

The client protocol that sent the RPC.

RenameName

The target name in an NFSv4 rename or move operation.

RenamePath

The target path in an NFSv4 rename or move operation.

RequestId

The ID of the S3 request.

RequiredAccess

Permissions required to perform the requested NFSv4 operation.

RequiredPermissions

Permissions required to perform the requested NFSv3 operation.

RPCSubTypes

One or more attributes that are set with the requested NFSv3 or NFSv4 operation.

RPCType

The requested operation.

S3AccessKeys

The user's S3 access keys, if applicable.

sid

The user's SMB user SID.

SourceObject

This structure contains the name of the S3 source bucket and the name of the source object, including information about its version (if applicable) and affected internal handles.

Status

Indicates if the operation was successful or not.

Symlink

The symlink name.

Tenant

The tenant to which access was requested.

Time

The RPC time.

VersionId

The S3 object version ID.

VersionPHandle

The internal handle for the S3 object version.

ViewPath

The path relative to the view. This field appears only when VAST Cluster is not configured to log full paths.

uid

The user's NFS UID.

UploadId

The S3 multipart upload ID.

UsedS3AccessKey

The S3 access key that was used in the request.

Related articles
  • Audit Log Record Fields
    VAST Cluster > Version 5.4 > VAST Cluster 5.4 Administrator's Guide > Managing Access Protocols > Protocol Auditing
  • Audit Log Record Fields
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 Tenant Administrator’s Guide > Managing Access Protocols > Protocol Auditing
  • Audit Log Record Fields
    VAST Cluster > Version 5.4 > VAST Cluster 5.4 Tenant Administrator's Guide > Managing Access Protocols > Protocol Auditing