
Enabling NFS auditing

You can enable NFS auditing by performing several tasks.

About this task

For more information about the options described in these steps, see the options(1) man page.

Steps

  1. In the /etc/log directory on the storage system, create a file called nfs-audit.

    Note: Steps 1 and 2 are mandatory for auditing in a UNIX security style qtree but optional for auditing in NTFS or mixed security style qtrees.

  2. To identify the NFS log filter file, enter the following command:
    options cifs.audit.nfs.filter.filename /etc/log/nfs-audit
  3. To enable auditing of file access events, enter the following command:
    options cifs.audit.file_access_events.enable on

    Note: Auditing of file access and logon events is turned off by default.

  4. To enable NFS auditing, enter the following command:
    options cifs.audit.nfs.enable on
  5. Configure audit log management.
  6. On the Windows administration host, set the filter file’s system access control list (SACL).
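To confirm that steps 2 through 4 took effect, the following added example (not part of the original documentation) checks a saved option listing against the three settings above. It assumes the listing has one "name value" pair per line; the function name check_nfs_audit and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: compares an option listing with the settings from steps 2-4.
# Assumption: the listing has one "<option-name> <value>" pair per line.

# check_nfs_audit: reads the listing on stdin, prints one line per missing
# or mismatched setting, and returns 1 if any setting is not as required.
check_nfs_audit() {
    awk '
        BEGIN {
            # Required values, taken from the procedure above.
            want["cifs.audit.nfs.filter.filename"] = "/etc/log/nfs-audit"
            want["cifs.audit.file_access_events.enable"] = "on"
            want["cifs.audit.nfs.enable"] = "on"
            n = split("cifs.audit.nfs.filter.filename " \
                      "cifs.audit.file_access_events.enable " \
                      "cifs.audit.nfs.enable", order, " ")
        }
        # Remember the value of every option line seen in the listing.
        NF >= 2 { have[$1] = $2 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                name = order[i]
                if (!(name in have)) {
                    printf "MISSING  %s (want %s)\n", name, want[name]
                    bad = 1
                } else if (have[name] != want[name]) {
                    printf "MISMATCH %s is %s (want %s)\n", name, have[name], want[name]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: file access auditing still at its default (off).
SAMPLE='cifs.audit.file_access_events.enable off
cifs.audit.nfs.enable on
cifs.audit.nfs.filter.filename /etc/log/nfs-audit'

printf '%s\n' "$SAMPLE" | check_nfs_audit || echo "NFS auditing is not fully enabled"
```

The check covers only the option values; the nfs-audit file from step 1 and the SACL from step 6 have to be verified separately.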