NFS file and directory access events that can be audited
Contributors
Suggest changes
PDFs
ONTAP can audit certain NFS file and directory access events. Knowing what access events can be audited is helpful when interpreting results from the converted audit event logs.
You can audit the following NFS file and directory access events:
-
READ
-
OPEN
-
CLOSE
-
READDIR
-
WRITE
-
SETATTR
-
CREATE
-
LINK
-
OPENATTR
-
REMOVE
-
GETATTR
-
VERIFY
-
NVERIFY
-
RENAME
To reliably audit NFS RENAME events, you should set audit ACEs on directories instead of files because file permissions are not checked for a RENAME operation if the directory permissions are sufficient.