The transition to NetApp MS Azure AD B2C is complete. If you missed the pre-registration, you will be invited to reigister at next log in.
Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

audit-guarantee True or False

CAPPPER12

Hello,

Release 9.4P1

 

server::> set diag
server::> vserver audit show -fields audit-guarantee


vserver                      audit-guarantee
--------------               ---------------
svm01                       true

 

server::> vserver audit modify -vserver svm01 -destination /audit_log -audit-guarantee false
server::> vserver audit show -fields audit-guarantee


vserver                      audit-guarantee
--------------               ---------------
svm01                       false

 

server::> set admin

 

What does "audit-guarantee" buy me, or what does it do? By default it is set to True when audit logging is enabled. However, we were having issues with the volume running out space (resolved now) but audit-guarantee was preventing CIFs files from being accessed when the volume ran out of space. So it was disabled. What I cannot find is what exactly is does or does not do when it is disabled.

Thank you in advance.

 

1 ACCEPTED SOLUTION

chris_hurley

audit-guarantee does exactly what it says.   It ensures that the SMB operation is successfully audited before the ACK is returned to the client.  It eliminates the need for the EventID 516/4612 (Audit events lost).  If the audit log entry cannot be recorded while audit-guarantee is on, then the CIFS operations either gets delayed or denied.  When audit-guarantee is off, then the CIFS operation can be completed without sucessfully creating an entry in the audit log.  This is only for evtx/xml auditing.

 

View solution in original post

4 REPLIES 4

chris_hurley

audit-guarantee does exactly what it says.   It ensures that the SMB operation is successfully audited before the ACK is returned to the client.  It eliminates the need for the EventID 516/4612 (Audit events lost).  If the audit log entry cannot be recorded while audit-guarantee is on, then the CIFS operations either gets delayed or denied.  When audit-guarantee is off, then the CIFS operation can be completed without sucessfully creating an entry in the audit log.  This is only for evtx/xml auditing.

 

View solution in original post

CAPPPER12

@chris_hurley,

Do you know if it is possible to control what is logged?  For example, we do not need every read event logged.  This takes a tremendous amount of log data.  Is there a way to not log Read Events?

 

Thank you.

RajeshPanda

@CAPPPER12  Let me know if you are still looking for the solution, i will help you find an expert who can answer to your query

CAPPPER12

@RajeshPanda Yes.  Thank you.

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public