Select buckets for S3 auditing

Contributors

You must specify which buckets to audit in an audit-enabled SVM.

What you’ll need
  • An SVM enabled for S3 auditing.

About this task

S3 auditing configurations are enabled on a per-SVM basis, but you must select the buckets in SVMS that are enabled for audit. If you add buckets to the SVM and you want the new buckets to be audited, you must select them with this procedure. You can also have non-audited buckets in an SVM enabled for S3 auditing.

Auditing configurations persist for buckets until removed by the vserver object-store-server audit object-select delete command.

Procedure

Select a bucket for S3 auditing:

vserver object-store-server audit event-selector create -vserver svm_name -bucket bucket_name [[-access] {read-only|write-only|all}] [[-permission] {allow-only|deny-only|all}]

  • -access - specifies the type of event access to be audited: read-only, write-only or all (default is all).

  • -permission - specifies the type of event permission to be audited: allow-only, deny-only or all (default is all).

Example

The following example creates a bucket auditing configuration that only logs allowed events with read-only access:

cluster1::> vserver object-store-server audit event-selector create -vserver vs1 -bucket test-bucket -access read-only -permission allow-only