Changes to audit logging in ONTAP 9


Beginning in ONTAP 9, the command-history.log file is replaced by audit.log, and the mgwd.log file no longer contains audit information. If you are upgrading to ONTAP 9, you should review any scripts or tools that refer to the legacy files and their contents.

After upgrade to ONTAP 9, existing command-history.log files are preserved. They are rotated out (deleted) as new audit.log files are rotated in (created).

Tools and scripts that check the command-history.log file might continue to work, because a soft link from command-history.log to audit.log is created at upgrade. However, tools and scripts that check the mgwd.log file will fail, because that file no longer contains audit information.

In addition, audit logs in ONTAP 9 and later no longer include the following entries because they are not considered useful and cause unnecessary logging activity:

  • Internal commands run by ONTAP (that is, where username=root)

  • Command aliases (separately from the command they point to)

Beginning in ONTAP 9, you can transmit the audit logs securely to external destinations using the TCP and TLS protocols.