The community will be undergoing maintenance soon, requiring Read-Only mode. Click to learn more.

Network and Storage Protocols

Increasing retention of messages file and auditlog

madden

I read in the sysadmin guide that the messages and auditlog are rotated weekly and maintained for 6 weeks.  Is there any way to change it from 6 to something higher?

For messages we could configure syslog to send them to a loghost and keep longer retention there, but for auditlog I can’t think of a solution that doesn’t involve some scripting.

Any ideas?  Maybe something on the OnCommand server that collects and maintains files for a longer period?

Thanks,
Chris

2 REPLIES 2

mglanville2

I think auditlog is rotated by size...

https://kb.netapp.com/support/index?page=content&id=1011104

Scripting may be the only solution for long term retention to avoid filling root up.

OnCommand gathering security logs sounds good, though I think it creates most of the entries in there as it monitors....

madden

My understanding is Data ONTAP keeps the last 6 auditlogs.  The auditlog is rotated weekly OR when the auditlog.max_file_size is reached.  So adjusting the auditlog.max_file_size won't help...

I guess I'll investigate fetching the log weekly over the API or CIFS, or maybe use PowerShell.  With PowerShell it looks like I could either get the formatted logs periodically using Get-NaSystemLog, or the raw log using Read-NaFile. 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public