NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Network and Storage Protocols

Increasing retention of messages file and auditlog

madden
4,625 Views

I read in the sysadmin guide that the messages and auditlog are rotated weekly and maintained for 6 weeks.  Is there any way to change it from 6 to something higher?

For messages we could configure syslog to send them to a loghost and keep longer retention there, but for auditlog I can’t think of a solution that doesn’t involve some scripting.

Any ideas?  Maybe something on the OnCommand server that collects and maintains files for a longer period?

Thanks,
Chris

2 REPLIES 2

mglanville2
4,625 Views

I think auditlog is rotated by size...

https://kb.netapp.com/support/index?page=content&id=1011104

Scripting may be the only solution for long term retention to avoid filling root up.

OnCommand gathering security logs sounds good, though I think it creates most of the entries in there as it monitors....

madden
4,625 Views

My understanding is Data ONTAP keeps the last 6 auditlogs.  The auditlog is rotated weekly OR when the auditlog.max_file_size is reached.  So adjusting the auditlog.max_file_size won't help...

I guess I'll investigate fetching the log weekly over the API or CIFS, or maybe use PowerShell.  With PowerShell it looks like I could either get the formatted logs periodically using Get-NaSystemLog, or the raw log using Read-NaFile. 

Public