Hi Yishikawa,
Thanks very much for the /etc/log/auditlog tip.
I ran the above command you suggested on the NetApp site and found the following NetApp library link entitled "Understanding Audit Logging"
https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-B6117506-C89B-4463-A2DF-29BFAC99A72F.html
In the above link, it is suggested that the filer saves audit-log files for six weeks, (unless any audit-log file reaches the maximum size) after which the oldest audit-log file is discarded.
I suspect any of the root account logon attempts I wanted to track will already have been deleted.
I don't suppose there's any system shell commands that could accomplish the same aim?
Thanks for your response
C.J.(aka Millsy64)