
Audit Logging

Fusion File Share supports audit features.

There are two options in the global section to control the audit behavior:

  • audit_enable – Enable/disable audit logging. The default is false (disabled).
  • audit_params – Parameters of the audit module.

The following parameters can be specified with the ‘audit_params’ configuration option:

  • ‘path’

    Path where the audit log is saved.

  • ‘days’

    The number of days after which audit log files are rotated (the current one is saved under a name suffixed with the date). The default is 1 day.

  • ‘uid’

    Whether to include the POSIX UID value of the authenticated user in the log messages. The possible values are [true | false]. The default is true.

  • ‘gid’

    Whether to include the POSIX GID value of the authenticated user in the log messages. The possible values are [true | false]. The default is true.

  • ‘cn’

    Whether to include the Common Name value of the authenticated user in the log messages. The possible values are [true | false]. The default is true.

  • ‘sensitive_data’

    Whether to allow sensitive data to appear in the audit log. “Sensitive” data is data that the user does not want to disclose when sending the audit log to third parties, such as domain names, IP addresses, user names, and file paths. The possible values are:

    • ‘allow’ – The data appears as is.
    • ‘strip’ – The data is replaced with the string ‘***’ in the log.
    • ‘hash’ – The data is replaced with its hash value. This allows hiding data, but the log is still easier to analyze because the same entities appear as the same hash string.

    The default is ‘allow’.

For example, the global section may contain:

audit_enable = true
audit_params = path=/var/demo/nas/meta/Logs/Audit,days=1,uid=true
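
As an added example (not Fusion File Share code), the following Python parses an audit_params value like the one above, applies the documented defaults, and rejects unknown keys or values outside the documented choices. The function names, the splitting on ',' and '=', and the requirement that days be a positive integer are assumptions.

```python
# Added example: checks an audit_params value against the parameters
# documented on this page. Names and parsing rules are assumptions.

DEFAULTS = {"days": "1", "uid": "true", "gid": "true", "cn": "true",
            "sensitive_data": "allow"}   # the page gives no default for 'path'
BOOLEANS = {"uid", "gid", "cn"}
SENSITIVE_MODES = {"allow", "strip", "hash"}


def parse_audit_params(value):
    """Return the effective settings for an audit_params string.

    Raises ValueError on unknown keys, duplicates or invalid values.
    """
    settings = {}
    for item in value.split(","):
        key, sep, val = item.strip().partition("=")
        if not sep or not val:
            raise ValueError(f"expected key=value, got {item!r}")
        if key != "path" and key not in DEFAULTS:
            raise ValueError(f"unknown parameter {key!r}")
        if key in settings:
            raise ValueError(f"duplicate parameter {key!r}")
        if key in BOOLEANS and val not in ("true", "false"):
            raise ValueError(f"{key} must be true or false, got {val!r}")
        if key == "days" and not (val.isdecimal() and int(val) > 0):
            raise ValueError(f"days must be a positive integer, got {val!r}")
        if key == "sensitive_data" and val not in SENSITIVE_MODES:
            raise ValueError(f"sensitive_data must be one of {sorted(SENSITIVE_MODES)}")
        settings[key] = val
    return {**DEFAULTS, **settings}   # explicit values override defaults


def review(settings):
    """List settings worth a second look before the log is shared."""
    findings = []
    if "path" not in settings:
        findings.append("no path given; the page documents no default")
    if settings["sensitive_data"] == "allow":
        findings.append("sensitive_data=allow: domain names, IP addresses, "
                        "user names and file paths are logged as is")
    return findings


if __name__ == "__main__":
    effective = parse_audit_params(
        "path=/var/demo/nas/meta/Logs/Audit,days=1,uid=true")
    print(effective)
    print(review(effective))
```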

There is an additional configuration option in the share section that controls the audit level, which determines the extent of the messages and events logged. Please refer to the Audit Levels section for more details.