
What the SnapLock log file contains

When an unexpired SnapLock file is deleted, an entry is made in the log file. The log file captures all information about the SnapLock file.

This log record is helpful during an audit because the log entry serves as evidence for the deleted file. If the expiry time of the deleted SnapLock file exceeds the expiry time of the SnapLock log file, the expiry time of the log file is automatically extended to be the same as the expiry time of the deleted SnapLock file. This ensures that the log record for file deletion is retained at least until the expiry date of the deleted file. The SnapLock Compliance volume contains the SnapLock log files.

The SnapLock log file logs the following events:

  • snaplock.log.volume.changed
  • snaplock.pre.privileged.delete
  • snaplock.post.privileged.delete
  • snaplock.pre.option.privileged.delete
  • snaplock.post.option.privileged.delete
  • snaplock.user.added.deleted

The following fields are logged for all events:

  • LogEntry date (System Date)
  • SCCdate (system ComplianceClock date)
  • VCCdate (volume ComplianceClock date)
  • node (name of the system)
  • vFilerName
  • vFilerUUID
  • LogVersion

When you use the privileged delete feature, the snaplock.pre.privileged.delete log entry is logged immediately before the file is deleted, and the snaplock.post.privileged.delete log entry is logged immediately after the file is deleted. The following table lists the fields that are logged for snaplock.pre.privileged.delete and snaplock.post.privileged.delete events in the SnapLock log file with the base name priv_delete:

| Field | Events | Description |
| --- | --- | --- |
| sequence_number | Logged for snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The sequence number maps the snaplock.pre.privileged.delete and snaplock.post.privileged.delete log entries. |
| file_pathname | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The complete path of the file on which the privileged delete operation is performed. |
| file_expires | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | Expiry date of the file. |
| file_fingerprint | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | XML-formatted fingerprint using a secure hash of the file's metadata and contents. |
| client_user | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | User name of the client who performs the operation. |
| client_ip_address | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | The IP address of the client who performs the delete operation. Note: This field is not valid if client_transport is CONSOLE. |
| client_transport | Logged for both snaplock.pre.privileged.delete and snaplock.post.privileged.delete | Transport used by client request. It can have the following values: SSH, HTTPS, CONSOLE. Note: The client_ip_address field is not valid if this field has value 'CONSOLE'. |
| result | Logged only for snaplock.post.privileged.delete | Describes the success or failure of the delete operation. |
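
The pairing that sequence_number provides can be checked mechanically during an audit. The following is an added example, not NetApp code: it assumes the log entries have already been parsed into dictionaries with a hypothetical "event" key holding the event name (the on-disk log format is not shown on this page), and the sample records are constructed.

```python
from collections import defaultdict

PRE = "snaplock.pre.privileged.delete"
POST = "snaplock.post.privileged.delete"
# Fields the table above lists as logged in both the pre and post entries.
SHARED = ("file_pathname", "file_expires", "file_fingerprint",
          "client_user", "client_ip_address", "client_transport")

def normalize(entry):
    """Drop client_ip_address when client_transport is CONSOLE (not valid)."""
    entry = dict(entry)
    if entry.get("client_transport") == "CONSOLE":
        entry["client_ip_address"] = None
    return entry

def audit_privileged_deletes(entries):
    """Pair pre/post entries by sequence_number and report what an auditor checks."""
    by_seq = defaultdict(dict)
    for e in entries:  # "event" is an assumed key name for the parsed event type
        if e.get("event") in (PRE, POST):
            by_seq[e["sequence_number"]][e["event"]] = normalize(e)
    report = {"paired": [], "missing_post": [], "missing_pre": [], "mismatch": []}
    for seq, pair in sorted(by_seq.items()):
        pre, post = pair.get(PRE), pair.get(POST)
        if pre is None:
            report["missing_pre"].append(seq)
        elif post is None:  # delete was started but no outcome was recorded
            report["missing_post"].append(seq)
        else:
            diff = [f for f in SHARED if pre.get(f) != post.get(f)]
            if diff:
                report["mismatch"].append((seq, diff))
            report["paired"].append((seq, pre["file_pathname"], post.get("result")))
    return report

def _rec(event, seq, path, transport, ip, **extra):
    return {"event": event, "sequence_number": seq, "file_pathname": path,
            "client_user": "auditor1", "client_transport": transport,
            "client_ip_address": ip, **extra}

# Constructed sample records; paths, users, IPs and result strings are made up.
SAMPLE = [
    _rec(PRE, 1, "/vol/slc/a.txt", "SSH", "192.0.2.10"),
    _rec(POST, 1, "/vol/slc/a.txt", "SSH", "192.0.2.10", result="success"),
    _rec(PRE, 2, "/vol/slc/b.txt", "CONSOLE", "0.0.0.0"),
    _rec(POST, 2, "/vol/slc/b.txt", "CONSOLE", "", result="success"),
    _rec(PRE, 3, "/vol/slc/c.txt", "HTTPS", "192.0.2.11"),
    _rec(PRE, 4, "/vol/slc/d.txt", "SSH", "192.0.2.10"),
    _rec(POST, 4, "/vol/slc/d.txt", "SSH", "192.0.2.12", result="success"),
]
```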

The snaplock.pre.option.privileged.delete log entry is logged immediately before the privileged delete option is modified on the volume, and the snaplock.post.option.privileged.delete log entry is logged immediately after the privileged delete option is modified on the volume. The following table lists the fields that are logged for snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete events in the SnapLock log file with the base name priv_delete:

| Field | Events | Description |
| --- | --- | --- |
| sequence_number | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The sequence number maps the snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete log entries. |
| volume | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The name of the SnapLock volume. |
| changed_from | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The starting value for the option. |
| changed_to | Logged for both snaplock.pre.option.privileged.delete and snaplock.post.option.privileged.delete | The ending value for the option. |
| result | Logged for snaplock.post.option.privileged.delete | Describes the success or failure of the option change operation. |

The following table lists the fields that are logged for the snaplock.user.added.deleted event in the SnapLock log file with the base name system_log:

| Field | Description |
| --- | --- |
| whodidit | The name of the user who modified the compliance group. |
| username | The name of the user who was added or deleted in a group. |
| action | Describes whether a user is added to or deleted from the compliance group. This can be one of the following values: "added" or "deleted". |

The following table lists the fields that are logged for the snaplock.log.volume.changed event in the SnapLock log file with the base name system_log:

| Field | Description |
| --- | --- |
| old_log_volume | The name of the previous log volume. |
| new_log_volume | The name of the new log volume. |