You can enable NFS auditing by performing several tasks.
About this task
For more information about the options described in these steps, see the options(1) man page.
- In the /etc/log directory on the storage system, create a file called nfs-audit.
Note: Steps 1 and 2 are mandatory for auditing in a UNIX security style qtree but optional for auditing in NTFS or mixed security style qtrees.
- To identify the NFS log filter file, enter the following command:
options cifs.audit.nfs.filter.filename /etc/log/nfs-audit
- To enable auditing of file access events, enter the following command:
options cifs.audit.file_access_events.enable on
Note: Auditing of file access and logon events is turned off by default.
- To enable NFS auditing, enter the following command:
options cifs.audit.nfs.enable on
- Configure audit log management.
- On the Windows administration host, set the filter file’s system access control list (SACL).