Hi All,
Tue Dec 1 12:06:36 SGT [filer01: cifs.auditfile.autosaved.onsize:info]: Autosaving the CIFS audit log file (/vol/vol1/Share1/log/adtlog.evt)
Tue Dec 1 12:06:37 SGT [filer01: wafl.quota.qtree.exceeded:notice]: tid 20: tree quota exceeded on volume vol1. Additional warnings will be suppressed for approximately 60 minutes or until a 'quota resize' is performed.
Tue Dec 1 12:06:37 SGT [filer01: cifs.auditfile.logFile.IOError:error]: ALF I/O error 0x1c (No space left on device) on file /vol/vol1/Share1/log/adtlog.evt.tmp: writing.
Tue Dec 1 12:06:37 SGT [filer01: cifs.audit.tmpfile.IOerr:error]: Access Logging Facility (ALF) I/O error 0x1c (No space left on device) on file /etc/log/cifsaudit.alf: I/O error while writing event records to temporary file. Use the command 'cifs audit start' to restart CIFS auditing.
Tue Dec 1 12:06:37 SGT [filer01: cifs.auditfile.enable.off:info]: ALF: CIFS auditing stopped.
The current cifs.audit settings are as follow:
cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension timestamp
cifs.audit.autosave.file.limit 30
cifs.audit.autosave.onsize.enable on
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable on
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable off
cifs.audit.logon_events.enable on
cifs.audit.logsize 20000000
cifs.audit.nfs.enable off
cifs.audit.nfs.filter.filename
cifs.audit.saveas /vol/vol1/Share1/log/adtlog.evt
Please help me to find out what was wrong in these above settings.
The another thing I would like to do is that I would like to log the cifs auditing day by day basic and after the month ends, the oldest log will be purged and circular the logging. How should I change the settings for take effect this requirement.
Thank you and well appreciated for help.
Best Regards.
Lin.