Auditing requirements and considerations

Before you configure and enable auditing on your storage virtual machine (SVM), you need to be aware of certain requirements and considerations.

  • The maximum number of auditing-enabled SVMs supported in a cluster is 50.

  • Auditing is not tied to CIFS or NFS licensing.

    You can configure and enable auditing even if CIFS and NFS licenses are not installed on the cluster.

  • NFS auditing supports security ACEs (type U).

  • For NFS auditing, there is no mapping between mode bits and auditing ACEs.

    When converting ACLs to mode bits, auditing ACEs are skipped. When converting mode bits to ACLs, auditing ACEs are not generated.

  • The directory specified in the auditing configuration must exist.

    If it does not exist, the command to create the auditing configuration fails.

  • The directory specified in the auditing configuration must meet the following requirements:

    • The directory must not contain symbolic links.

      If the directory specified in the auditing configuration contains symbolic links, the command to create the auditing configuration fails.

    • You must specify the directory by using an absolute path.

      You should not specify a relative path, for example, /vs1/../.

  • Auditing is dependent on having available space in the staging volumes.

    You must be aware of and have a plan for ensuring that there is sufficient space for the staging volumes in aggregates that contain audited volumes.

  • Auditing is dependent on having available space in the volume containing the directory where converted event logs are stored.

    You must be aware of and have a plan for ensuring that there is sufficient space in the volumes used to store event logs. You can specify the number of event logs to retain in the auditing directory by using the -rotate-limit parameter when creating an auditing configuration, which can help to ensure that there is enough available space for the event logs in the volume.

  • Although you can enable central access policy staging in the auditing configuration without enabling Dynamic Access Control on the CIFS server, Dynamic Access Control must be enabled to generate central access policy staging events.

    Dynamic Access Control is not enabled by default.
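
The destination directory rules above (absolute path, no relative components, directory must exist, no symbolic links) can be checked before the auditing configuration is created. The following is an added example, not NetApp code: the function name `check_audit_destination` is hypothetical, and it assumes the SVM namespace root is mounted on an administration host (for example over NFS) at `mount_root`.

```python
import os
import tempfile

def check_audit_destination(dest, mount_root):
    """Return the reasons `dest` breaks the directory rules (empty list = OK).

    dest       -- destination path as it appears in the SVM namespace
    mount_root -- assumed local mount point of the SVM namespace root
    """
    if not dest.startswith("/"):
        return ["destination is not an absolute path"]
    parts = [p for p in dest.split("/") if p]
    if any(p in (".", "..") for p in parts):
        return ["destination contains relative components (. or ..)"]
    current = mount_root
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        shown = "/" + "/".join(parts[: i + 1])
        # islink() does not follow the link, so a symlink that points at a
        # real directory is still reported.
        if os.path.islink(current):
            return [f"{shown} is a symbolic link"]
        if not os.path.isdir(current):
            return [f"{shown} does not exist or is not a directory"]
    return []

def demo():
    """Check candidate paths against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "vs1", "audit_log"))
        os.symlink(os.path.join(root, "vs1"), os.path.join(root, "link"))
        candidates = ["/vs1/audit_log", "/vs1/../", "/link/audit_log",
                      "/vs1/missing", "audit_log"]
        return {c: check_audit_destination(c, root) for c in candidates}

if __name__ == "__main__":
    for path, problems in demo().items():
        print(path, "->", problems or "OK")
```

Every path component is checked, not only the last one, because a symbolic link anywhere in the path is enough to violate the rule.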