When an unexpired SnapLock file is deleted, an entry is made in the log file. The log file captures all information about the SnapLock file.
This log record is helpful during an audit because the log entry serves as an evidence for the deleted file. If the expiry time of the deleted SnapLock file exceeds the expiry time of the SnapLock log file, the expiry time of the log file is automatically extended to be the same as the expiry time of the deleted SnapLock file. This ensures that the log record for file deletion is retained at least until the expiry date of the deleted file. The SnapLock Compliance volume contains the SnapLock log files.
The SnapLock log file logs the following events:
When you use the privileged delete feature, the snaplock.pre.privileged.delete log entry is logged immediately before the file is deleted, and the snaplock.post.privileged.delete log entry is logged immediately after the file is deleted. The following table lists the fields that are logged for snaplock.pre.privileged.delete and snaplock.post.privileged.delete events in the SnapLock log file with the base name priv_delete:
Field | Events | Description |
---|---|---|
sequence_number | Logged for snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The sequence number maps the snaplock.pre.privileged.delete and snaplock.post.privileged.delete log entries. |
file_pathname | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The complete path of the file on which the privileged delete operation is performed. |
file_expires | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | Expiry date of the file. |
file_fingerprint | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | XML-formatted fingerprint using a secure hash of the file's metadata and contents. |
client_user | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | User name of the client who performs the operation. |
client_ip_address | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The IP address of the client who performs the delete operation.
Note: This field is not valid if
client_transport is CONSOLE.
|
client_transport | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | Transport used by client request. It can have the following values:
|
result | Logged only for snaplock.post.privileged.delete | Describes the success or failure of the delete operation. |
The snaplock.pre.option.privileged.delete log entry is logged immediately before the privileged delete option is modified on the volume, and the snaplock.post.option.privileged.delete log entry is logged immediately after the privileged delete option is modified on the volume. The following table lists the fields that are logged for snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete events in the SnapLock log file with the base name priv_delete:
Field | Events | Description |
---|---|---|
sequence_number | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The sequence number maps the snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete log entries. |
volume | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The name of the SnapLock volume. |
changed_from | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The starting value for the option. |
changed_to | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The ending value for the option. |
result | Logged for snaplock.post.option.privileged.delete | Describes the success or failure of the option change operation. |
Field | Description |
---|---|
whodidit | The name of the user who modified the compliance group. |
username | The name of the user who was added or deleted in a group. |
action | Describes if a user is added or deleted to compliance group. This can be one of the following values: "added" or "deleted." |
The following table lists the fields that are logged for the snaplock.log.volume.changed event in the SnapLock log file with the base name system_log:
Field | Description |
---|---|
old_log_volume | The name of the previous log volume. |
new_log_volume | The name of the new log volume. |