Table of Contents
Snaplock compliance volumes may additionally be used as compliant log volumes for operations performed on any SnapLock volume or system.
SnapLock enterprise volumes may allow audited file deletions before the expiration of file retention dates. This privileged delete capability may be enabled on a per volume basis when secure logging is properly configured.
privdel log options clock
Allows the deletion of retained files on SnapLock enterprise volumes before the expiration date of the file specified by path. The -f flag allows the command to proceed without interactive confirmation from the user.
For this command to succeed the user must be accessing the node over a secure connection and must be a member of the Compliance Administrators group (see na_useradmin(1))
This command is not available on SnapLock compliance volumes.
volume [ -f ] [ vol ]
archive vol [ basename ]
status vol [ basename ]
The volume command sets the SnapLock log volume to vol if the volume vol is online and is a SnapLock Compliance volume. The active SnapLock log files on the previous log volume (if there was one) will be archived. New SnapLock log will be initialized on the new volume vol. If the volume vol is not specified then the command displays the current SnapLock log volume.
SnapLock log file archival normally happens whenever the size of a log reaches the maximum size specified by the snaplock.log.maximum_size option (see na_options(1)). The archive command forces active SnapLock log file to be archived and replaces them with new log files. If the basename parameter is given, the active SnapLock log file with that base name will be archived and replaced. Otherwise, all active SnapLock log files on log files on volume vol will be archived and replaced.
The status command reports the status of the active SnapLock log files on volume vol.
snaplock options [ -f ] vol privdel [ on | off disallowed ]
The options privdel command sets or reports the state of the privileged delete option on a SnapLock enterprise volume. The -f flag is required to be able to set the state to disallowed to prevent operator error. The -f flag is ignored if it is used to set the option to any other state.
The valid states are:
Not initialized: No state has yet been specified for this volume and no privileged deletions will be allowed on the volume.
on: The feature is turned on and deletions are allowed.
off: The feature is turned off and no privileged delete operations will be allowed. The feature may be turned on in future.
disallowed: The feature has been disabled for this volume and can never be turned on for this volume.
sync [ <volume> ]
status[ <volume> ]
The initialize command initializes the system compliance clock from the system clock. Compliance clock can be initialized only once by the user. Once initialized, user cannot make any changes to the system compliance clock.
The sync command forces a sync of the volume compliance clock to the system compliance clock. If the volume is specified, then volume compliance clock of only that volume is synced to the system compliance clock.
The status command prints the value of the system compliance clock and volume compliance clock of all the SnapLock volumes present in the system. If the volume is specified, then command prints volume compliance clock of only that system.
Deletes the file myfile on the enterprise volume slevol. The user must have sufficient privileges and must have initiated the command over a secure connection to the node for the command to succeed.
snaplock log volume
Prints out the value of system compliance log volume name if it has been initialized. An uninitialzed SnapLock log volume will be reported as not set.
snaplock log volume logvol
Sets the SnapLock log volume to logvol.
snaplock log volume -f logvol
Sets the SnapLock log volume to logvol and ignores any errors encountered during SnapLock log volume change.
snaplock log status logvol
Prints log status for all the active SnapLock log files on volume logvol.
snaplock log status logvol priv_delete
Prints the status for the active SnapLock log file priv_delete on volume logvol.
snaplock options -f slevol privdel on
Turn on the privileged delete feature on enterprise volume slevol without asking for confirmation.
Table of Contents