NFS file and directory access events that can be audited

Contributors

ONTAP can audit certain NFS file and directory access events. Knowing what access events can be audited is helpful when interpreting results from the converted audit event logs.

You can audit the following NFS file and directory access events:

  • READ

  • OPEN

  • CLOSE

  • READDIR

  • WRITE

  • SETATTR

  • CREATE

  • LINK

  • OPENATTR

  • REMOVE

  • GETATTR

  • VERIFY

  • NVERIFY

  • RENAME

To reliably audit NFS RENAME events, you should set audit ACEs on directories instead of files because file permissions are not checked for a RENAME operation if the directory permissions are sufficient.