Protocol auditing is available for recording SMB, NFSv4.1, and NFSv3 operations performed by clients on the VAST Cluster.
Audit records report the time each operation was performed, identity attributes of the client user, the type of operation requested, the path accessed, affected files and directories, and the success of the operation. Protocol auditing provides you with a way to understand exactly what your users did on the storage system. The audit information is delivered in structured JSON format. You can use the information to analyze user data consumption and to automate and validate security reviews.
A global auditing policy sets global configuration settings such as the name of the audit directory, audit file size limit and so on. It also determines which protocols and operations are audited on all views. You can also configure an audit policy within each view policy which specifies additional actions and protocols to record for the views attached to the view policy.
Protocol auditing configuration at the view policy level can only increase auditing beyond the global configuration. It cannot decrease auditing from the global configuration.