ONTAP Hardware

Snaplock audit log for privileged delete



We have a metrocluster with snaplock enterprise license. Some files were wrongly committed to WORM and we would like to use privileged delete feature.
In order to used that feature, we must create an audit log on a snaplock volume. If I understand the doc, the audit log will inherit retention of the affected files:

Note: The minimum default retention period for audit log files is six months. If the retention period of an affected file is longer than the retention period of the audit log, the retention period of the log inherits the retention period of the file. So, if the retention period for a file deleted using privileged delete is 10 months, and the retention period of the audit log is 8 months, the retention period of the log is extended to 10 months.

The output of the audit log create command makes me concerned about having a number of drives indelible and unusable (WORM retention period is years...)

Warning: You have selected a SnapLock Enterprise volume as an audit log volume. You will not be able to delete the volume and the hosting aggregate until
         the volume expires.
Do you want to continue? {y|n}: n


I was thinking to create a small aggregate for this purpose...

Could someone please clarify if there will be any way to force aggregate deletion? 

Thank you 




Hi there!


So that you have a log and advice from us on the actions to undertake, I strongly suggest you contact our support center for guidance on this topic, as the consequences for mistakes, as you have identified, are very unfavorable.