Configuring Global Auditing Settings via VAST Web UI
From the left navigation menu, select Settings and then Auditing.
Complete the General settings:
Audit directory name
Specify a name for the audit directory. A directory of this name will be created directly under the root directory of the tenant in the Element Store. Audit records are written to this directory.
The default is
.vast_audit_dir.Read-access Users
List users to grant them read access to all files in the audit directory.
Specify each user by user name. Enter a comma to start entering a new user. Each user name appears with a removal button so that you can remove if needed while you are editing the field.
Tip
To make the audit directory accessible to clients, create a view on the directory.
Read-access Groups
List groups to grant them read access to all files in the audit directory.
Specify each group by group name. Enter a comma to start entering a new group. Each group name appears with a removal button so that you can remove if needed while you are editing the field.
Tip
To make the audit directory accessible to clients, create a view on the directory.
Size limit per audit file
The maximum size of each file of audit records in the audit directory. Audit records are written to subdirectories of the audit directory per CNode core. Records written to each directory roll over to a new file when the file reaches this size.
This setting limits the size of each audit file, but it does not limit the total size of all audit files.
Specify the value with units of MB, GB, TB and so on.
Default: 1GB
Size limit per audit directory
The maximum size of the audit directory.
Specify the value with units of MB, GB, TB and so on.
By default, the audit directory size is not limited.
Under Define retention period, select one of the following:
Keep forever. Audit files are kept for an unlimited period of time.
Define retention manually (default). Choose this option to manually set the retention period for keeping audit files. Enter an integer and select the unit of measurement from the dropdown. The default is one hour.
Under Auditing, select where to store audit logs:
Save audit logs to VAST DB. Audit logs are saved in a VAST DataBase table and can be viewed in the VAST Audit Log page (DataBase -> VAST Audit Log).
Save audit logs to file (JSON format). Audit logs are saved in JSON format into a file in the directory specified in the Audit directory name field.
You can enable both options at the same time, in which case audit logs will be saved in both locations.
Under Global Baseline Audit Settings, optionally set auditing settings to apply globally to all views. Any settings that you do not enable here can be set per view policy. Settings that you do enable here will apply to all views, even if the view policy does not have these settings.
Toggle the Enable option on. Default global audit settings are now enabled.
Under Select protocols to assign operations, select one or more protocols to enable auditing of protocol operations.
Under Operations to audit, choose one or more categories of operations to be audited for the protocol(s) for which auditing is enabled:
Create/Delete Files/Directories/Objects
Operations that create or delete files, directories, or objects.
Modify Data
Operations that modify data. This includes operations that change the file size.
Modify Metadata
Operations that modify metadata.
Read Data
Operations that read data.
Read Metadata
Operations that read metadata.
Session create/close
For sessions that use Kerberos 5 authentication (krb5, krb5i, or krb5p), the session creation and closing operations.
Optionally change the Audit record options:
Log Full Path
If enabled (default for all protocols), audit records contain the full Element Store path to the requested resource. This may affect performance. When disabled, only the view path and the file name are recorded.
Log Username
Disabled by default.
If enabled, audit records contain the username (if a username can be retrieved from the auth provider).
Click Save.