Hi Yishikawa,

Thanks very much for the /etc/log/auditlog tip.

I ran the above command you suggested on the NetApp site and found the following NetApp library link entitled "Understanding Audit Logging"

https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-B6117506-C89B-4463-A2DF-29BFAC99A72F.html

In the above link, it is suggested that the filer saves audit-log files for six weeks, (unless any audit-log file reaches the maximum size) after which the oldest audit-log file is discarded.

I suspect any of the root account logon attempts I wanted to track will already have been deleted. 

I don't suppose there's any system shell commands that could accomplish the same aim?

Thanks for your response

C.J.(aka Millsy64)

If you want to save the audit logs for longer than the filer saves them, you can always setup a syslog server and have the filer forward the messages. If you have multiple filers you can forward all their logs to that one central sysog server and have one place to search. You can also save the logs for as long as you like.

--rdp

One suggestion would be to keep 52 weeklys on your vol0 vol...

Hello Dear,

Try checking in the autosupports sent to Netapp

You could also check in myautosupport not sure their retention but worth giving it a try

Thanks,

Piyush

That works, though it does make you dependant on NetApp for storing your data. Which is fine all the time you have an active support contract.

--rdp

Hello team.

As i requested  to you!

I jest wanted know the root user loging history can you please assist on it 

Thanks,

sake