Create or Delete Files, Directories, or Objects
This category includes operations that create or delete files or directories (for NFS and SMB), objects (for S3), or tables and schemas (for VAST DB).
You enable logging of these operations by selecting the Create/Delete Files/Directories/Objects option in VAST Web UI audit settings.
| NFSv3 | NFSv4 | SMB | S3 | VAST Database |
|---|---|---|---|---|
| CREATE, when it creates a file<br>MKDIR<br>LINK<br>SYMLINK<br>MKNOD<br>REMOVE<br>RMDIR<br>RENAME | CREATE<br>OPEN, when it creates a file<br>LINK<br>REMOVE<br>RENAME | CREATE, when it creates a new file or directory, or opens an existing file in delete-on-close mode<br>SET_INFO, when it is used for delete on close or when it renames a file or directory<br>CLOSE, when it is used for delete on close | Bucket-level operations:<br>Object-level operations: | CREATE_SCHEMA<br>DROP_SCHEMA<br>CREATE_TABLE<br>DROP_TABLE<br>CREATE_PROJECTION<br>DROP_PROJECTION<br>PUT_BUCKET_LOGGING<br>GET_BUCKET_LOGGING<br>PUT_BUCKET_OWNERSHIP_CONTROLS<br>DELETE_BUCKET_OWNERSHIP_CONTROLS<br>GET_BUCKET_OWNERSHIP_CONTROLS |
Modify Data
This category includes operations that modify data. These include operations that change the file size.
You enable logging of these operations by selecting the Modify Data option in VAST Web UI audit settings.
| NFSv3 | NFSv4 | SMB | S3 | VAST Database |
|---|---|---|---|---|
| CREATE, when it truncates a file<br>WRITE<br>SETATTR if setting size | OPEN, if it truncates an existing file<br>WRITE<br>SETATTR if setting the attribute results in a change in file size | CREATE, if it truncates an existing file<br>WRITE<br>IOCTL on a file or directory, if it modifies data<br>SET_INFO with FileAllocationInformation, FileEndOfFileInformation, FileValidDataLengthInformation | N/A | INSERT_ROWS<br>IMPORT_DATA<br>UPDATE_ROWS<br>DELETE_ROWS |
Modify Metadata
This category includes operations that modify metadata.
You enable logging of these operations by selecting the Modify Metadata option in VAST Web UI audit settings.
| NFSv3 | NFSv4 | SMB | S3 | VAST Database |
|---|---|---|---|---|
| SETATTR if changing an existing attribute<br>SETACL | SETATTR if setting the attribute does not result in a change in file size | IOCTL on a file or directory, if it modifies metadata<br>SET_INFO with structures other than FileAllocationInformation, FileEndOfFileInformation, FileValidDataLengthInformation | Bucket-level operations:<br>Object-level operations: | ALTER_SCHEMA<br>ALTER_TABLE<br>ADD_COLUMNS<br>ALTER_COLUMN<br>DROP_COLUMNS<br>ALTER_PROJECTIONS |
Read Data
This category includes operations that read data.
You enable logging of these operations by selecting the Read Data option in VAST Web UI audit settings.
| NFSv3 | NFSv4 | SMB | S3 | VAST Database |
|---|---|---|---|---|
| READ | READ<br>VERIFY | READ | GetObject | SELECT<br>QUERY_DATA |
Read Metadata
This category includes operations that read metadata.
You enable logging of these operations by selecting the Read Metadata option in VAST Web UI audit settings.
| NFSv3 | NFSv4 | SMB | S3 | VAST Database |
|---|---|---|---|---|
| READDIR<br>READDIRPLUS<br>GETACL<br>ACCESS, if the RPC failed or if the granted access is lower than the requested access | GETATTR<br>READDIR<br>VERIFY<br>ACCESS | QUERY_DIRECTORY | Bucket-level operations:<br>Object-level operations: | LIST_SCHEMAS<br>GET_TABLE_STATS<br>LIST_TABLES<br>LIST_COLUMNS<br>GET_PROJECTION_STATS<br>LIST_PROJECTIONS<br>LIST_PROJECTION_COLUMNS |
Create or Close Sessions
This category includes session creation and closing operations for sessions that use Kerberos 5 authentication (krb5, krb5i, or krb5p), and also VAST Database transaction operations.
You enable logging of these operations by selecting the Session create/close option in VAST Web UI audit settings.
| NFSv4 | SMB |
|---|---|
| Kerberos user token creation<br>Kerberos user token deletion | SESSION_SETUP<br>LOGOFF |