Audit logging creates a chronological record of management activities. You can specify what types of activities in the management interface are audited.
Data ONTAP enables you to audit two types of requests: set requests and get requests. A set request typically applies to non-display commands, such as creating, modifying, or deleting an object. A get request occurs when information is retrieved and displayed to a management interface. For instance, running a show command issues a get request.
You use the security audit commands to manage audit settings. Regardless of the settings for the security audit commands, set requests are always recorded in the command-history.log file of the /mroot/etc/log/mlog/ directory, and the file is sent by AutoSupport to the specified recipients.
You can also use the security audit modify command to specify whether the following requests are also recorded in the mgwd.log file of the /mroot/etc/log/mlog/ directory for technical support and diagnostic purposes:
By default, auditing of set requests is enabled (that is, recorded in the mgwd.log file), and auditing of get requests is disabled.
The command-history.log and mgwd.log files are each rotated when they reach 100 MB in size, and the previous 34 copies of each file are preserved (for a maximum of 35 files per log).
The nodeshell audit log files (auditlog.*) are stored in the /mroot/etc/log/ directory of a node. AutoSupport messages include the nodeshell audit log files of a node and those of the partner node.
You can display the content of the /mroot/etc/log/ directory by using a web browser.