You must perform several tasks to configure system event auditing.
Steps
- Determine what events you want to audit.
For example, if you want to audit all the events on a volume or qtree, apply the Storage-Level Access Guard security using the fsecurity command.
- If you want to audit file and directory access events, set your system access control lists (SACLs).
- Enable CIFS auditing and NFS auditing, as applicable.
- If you want to use Live View to manage auditing, enable Live View.
Otherwise, familiarize yourself with audit log management.
- Use Event Viewer to display audit events.