Describes filesystem, HPE Ezmeral Data Fabric Database, and HPE Ezmeral Data Fabric Event Store operations that are audited by default, and operations that can be selectively enabled or disabled for auditing.
This type of auditing is for operations that are managed by the filesystem, HPE Ezmeral Data Fabric Database, and HPE Ezmeral Data Fabric Event Store. These operations take place within volumes and have effects at the level of the data-fabric filesystem.
The following table shows whether (Y) or not (N)
the following operations on files and directories are audited. In the table, the
operations with Y in the Selective Auditing Support column
can be included and/or excluded from auditing. Operations with N in
the Selective Auditing Support column are audited by default and cannot be
excluded from auditing. Use the name specified in the Operation Name to use for
Selective Auditing column when you run the maprcli command to enable or
disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Directories | Files | Selective Auditing Support |
|---|---|---|---|---|---|
| Change group owner | CHGRP | chgrp | Y | Y | Y |
| Change owner | CHOWN | chown | Y | Y | Y |
| Change permissions | CHPERM | chperm | Y | Y | Y |
| Create | CREATE | create | N/A | Y | Y |
| Create device (not used) | CREATEDEV | createdev | N/A | Y | Y |
| Create symbolic link | CREATESYM | createsym | Y | Y | Y |
| Delete file | DELETE | delete | N/A | Y | Y |
| Disable auditing | DISABLEAUDIT | N/A | Y | Y | N |
| Enable auditing | ENABLEAUDIT | N/A | Y | Y | N |
| Offload file to tiered storage | FILE_OFFLOAD | fileoffload or filetieroffloadevent | N/A | Y | Y |
| Recall file from tiered storage | FILE_RECALL | filerecall or filetierrecallevent | N/A | Y | Y |
| Scan offset ranges owned by given FID. Used in tiered operations to get owned offsets during offload and recall operations. | FILE_SCAN | filescan | N/A | Y | Y |
| Abort ongoing offload or recall of file | FILE_TIER_JOBABORT | filetierjobabort | N/A | Y | Y |
| Retrieve status for an existing file level tier job (offload/recall) | FILE_TIER_JOBSTATUS | filetierjobstatus | N/A | Y | Y |
| Audit event generated on file server while purging data during offload operation | FILE_TIER_OFFLOAD_EVENT | filetieroffloadevent | N/A | N | Y |
| Audit event generated on file server while recalling data during recall operation | FILE_TIER_RECALL_EVENT | filetierrecallevent | N/A | N | Y |
| Get attributes | GETATTR | geattr | N | N | Y |
| Obtains the file path given the File ID | GETPATHFORFID | getpathforfid | Y | Y | Y |
| Get extended attributes | GETXATTR | getxattr | Y | Y | Y |
| Get the mode bits for files/directories accessed over NFS | GETPERM | getperm | Y | Y | Y |
| Create hardlink | HARDLINK | hardlink | Y | Y | Y |
| List extended attributes | LISTXATTR | listxattr | Y | Y | Y |
| Lookup | LOOKUP | lookup | Y | Y | Y |
| Create directory | MKDIR | mkdir | Y | N/A | Y |
| Read a file | READ | read | N/A | Y | Y |
| Read a directory | READDIR | readdir | Y | N/A | Y |
| Remove extended attributes | REMOVEXATTR | removexattr | Y | Y | Y |
| Rename | RENAME | rename | Y | Y | Y |
| Delete a directory | RMDIR | rmdir | Y | N/A | Y |
| Set attributes | SETATTR | setattr | Y | Y | Y |
| Set extended attributes | SETXATTR | setxattr | Y | Y | Y |
| Truncate a file | TRUNCATE | truncate | N/A | Y | Y |
| Write to a file | WRITE | write | N/A | Y | Y |
The following operations on both types of HPE Ezmeral Data Fabric Database
tables are audited by default. Operations with Y in the
Selective Auditing Support column can be included or excluded from
auditing. Operations with N in the Selective Auditing
Support column are audited by default and cannot be excluded from auditing.
Use the name specified in the Operation Name to use for Selective Auditing
column when you run the maprcli
command to enable or disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Selective Auditing Support |
|---|---|---|---|
| Create a column family | DB_CFCREATE | tablecfcreate | Y |
| Modify a column family | DB_CFMODIFY | tablecfmodify | Y |
| Delete a column family | DB_CFREMOVE | tablecfdelete | Y |
| Scan a column | DB_CFSCAN | tablecfscan | Y |
| Get data | DB_GET | tableget | Y |
| Perform incremental bulk load | DB_IMPORTBUCKET | N/A | N |
| Perform full bulk load | DB_IMPORTSEGMENT | N/A | N |
| Put data | DB_PUT | tableput | Y |
| Compact a table region | DB_REGIONCOMPACT | N/A | N |
| Look up a region on the current node | DB_REGIONLOOKUP | N/A | N |
| Merge two consecutive regions | DB_REGIONMERGE | N/A | N |
| Split a region into two | DB_REGIONSPLIT | N/A | N |
| Configure a replica for a table | DB_REPLICAADD | N/A | N |
| Edit the replica for a table | DB_REPLICAEDIT | N/A | N |
| List the replicas for a table | DB_REPLICALIST | N/A | N |
| Remove a replica for a table | DB_REPLICAREMOVE | N/A | N |
| Scan a table | DB_SCAN | tablescan | Y |
| Create a table | DB_TABLECREATE | tablecreate | Y |
| View information about a table | DB_TABLEINFO | tableinfo | Y |
| Modify a table | DB_TABLEMODIFY | tablemodify | Y |
| Add an upstream source to a replica | DB_UPSTREAMADD | N/A | N |
| List all upstream sources for a replica | DB_UPSTREAMLIST | N/A | N |
| Remove an upstream source for a replica | DB_UPSTREAMREMOVE | N/A | N |
The following operations on HPE Ezmeral Data Fabric Event Store are audited
by default. Operations with Y in the Selective Auditing
Support column can be included or excluded from auditing. Operations with
N in the Selective Auditing Support column are audited
by default and cannot be excluded from auditing. Use the name specified in the
Operation Name to use for Selective Auditing column when you run the
maprcli command to enable or disable auditing for that operation.
| Operation | Name in Audit Logs | Operation Name to use for Selective Auditing | Selective Auditing Support |
|---|---|---|---|
| Modify attributes or permissions of a stream | DB_CFMODIFY | tablecfmodify | Y |
| Produce messages to topics of a stream | DB_PUT | tableput | Y |
| Add a replica | DB_REPLICAADD | N/A | N |
| Edit a replica | DB_REPLICAEDIT | N/A | N |
| List the replicas for a stream | DB_REPLICALIST | N/A | N |
| Remove a replica | DB_REPLICAREMOVE | N/A | N |
| Consume messages from topics of a stream | DB_SCAN | tablescan | Y |
| Add an upstream source to a replica | DB_UPSTREAMADD | N/A | N |
| List all upstream sources for a replica | DB_UPSTREAMLIST | N/A | N |
| Remove an upstream source from a replica | DB_UPSTREAMREMOVE | N/A | N |