Table of ContentsView in Frames

How the filter file controls NFS audit events

The log filter file controls file audit events by means of the SACL you set on it. Setting a SACL on the filter file has the same effect as setting the same SACL on every file and directory on the storage system.

Note: Because the log filter file SACL can potentially generate audit events from every file and directory on the storage system, enabling NFS auditing with the log filter file can affect system performance.

The effect of the filter file depends on the security setting of the qtree in which the files are located.

When an operation is performed on files in a UNIX security style, the event is logged depending on the SACL on the filter file.

When an operation is performed on files in an NTFS or mixed security-style qtree that has no SACL set, the event is logged depending on the SACL on the filter file.

However, if SACLs are set on individual files or directories, these SACLs take precedence over the SACL set on the filter file.