Learn about ONTAP auditing of NFS file and directory access events
Contributors
Suggest changes
PDFs
ONTAP can audit certain NFS file and directory access events. Knowing what access events can be audited is helpful when interpreting results from the converted audit event logs.
You can audit the following NFS file and directory access events:
-
READ
-
OPEN
-
CLOSE
-
READDIR
-
WRITE
-
SETATTR
-
CREATE
-
LINK
-
OPENATTR
-
REMOVE
-
GETATTR
-
VERIFY
-
NVERIFY
-
RENAME
To reliably audit NFS RENAME events, you should set audit ACEs on directories instead of files because file permissions are not checked for a RENAME operation if the directory permissions are sufficient.