# Manage audit and forwarding using the CLI

You can use the `weka audit` commands to configure and manage the audit and forwarding feature. The commands are organized into the following groups:

* `weka audit cluster`: Manage audit settings at the cluster level.
* `weka audit fs`: Manage audit settings for specific filesystems.

## Manage cluster-level auditing

Use the `weka audit cluster` commands to control the audit feature for the entire cluster.

### **Enable or disable cluster-wide auditing**

The auditing functionality is disabled by default. Enable it at the cluster level before you can configure auditing for specific filesystems. This initial enablement sets up the necessary infrastructure and components required for the audit system to function.

* To enable:

  ```
  weka audit cluster enable
  ```
* To disable:

  ```
  weka audit cluster disable
  ```

### **View cluster audit status**

View the current cluster-wide status of the audit feature.

```
weka audit cluster status
```

### **View cluster audit statistics**

View detailed statistics about the audit logs for the entire cluster.

```
weka audit cluster stats
```

### **Set the global audit operations**

Defines the global default policy for which categories of operations are audited across the cluster. This policy applies to all filesystems but can be overridden by settings on an individual filesystem. You can choose to audit `all` categories or specify a subset (for example, `read`, `delete`).

```
weka audit cluster set-global-operations [<operations>]...
```

**Parameter**

<table><thead><tr><th width="155.77734375">Name</th><th>Description</th></tr></thead><tbody><tr><td><code>operations</code>*</td><td><p>A space-separated list of operation categories to audit. Providing a new list replaces any previously set global operations.</p><p>Values: <code>all</code>, <code>none</code>, <code>open</code>, <code>create</code>, <code>read</code>, <code>modify</code>, <code>delete</code>, <code>rename</code>, <code>close</code>, <code>sessionmanagement</code>.</p></td></tr></tbody></table>

### **Manage full path resolution**

Use the following commands to control the asynchronous process that adds full file paths to audit events. Including full paths provides valuable context for each operation but may introduce a performance impact. Disabling this feature can increase event throughput if the path information is not required for your use case.

* To enable resolution of full file paths in forwarded audit events:

  ```
  weka audit cluster resolve-paths enable
  ```
* To disable the resolution of full file paths in forwarded audit events.:

  ```
  weka audit cluster resolve-paths disable
  ```

## Manage filesystem-level auditing

Use the `weka audit fs` commands to control audit settings for individual filesystems.

### **View filesystem audit status**

List the audit status for all filesystems or a specific filesystem.

```
weka audit fs status [--name name]
```

**Parameter**

<table><thead><tr><th width="181.84765625">Name</th><th>Description</th></tr></thead><tbody><tr><td><code>name</code></td><td>The name of a specific filesystem to view.</td></tr></tbody></table>

### **Enable or disable auditing for a filesystem**

Enable or disable auditing on a specific filesystem.

* To enable:

  ```
  weka audit fs enable <name>
  ```
* To disable:

  ```
  weka audit fs disable <name>
  ```

**Parameter**

<table><thead><tr><th width="168.8671875">Name</th><th>Description</th></tr></thead><tbody><tr><td><code>name</code>*</td><td>The name of the filesystem on which to enable or disable auditing.</td></tr></tbody></table>

**Related topics**

[Manage filesystems using the GUI](/weka-filesystems-and-object-stores/managing-filesystems/managing-filesystems.md)

[Manage filesystems using the CLI](/weka-filesystems-and-object-stores/managing-filesystems/managing-filesystems-1.md)

### **Set audit operations for a specific filesystem**

Override the global audit settings and define a specific set of operations to audit for an individual filesystem.

```
weka audit fs set-operations <name> [<operations>]...
```

**Parameters**

<table><thead><tr><th width="175.796875">Name</th><th>Description</th></tr></thead><tbody><tr><td><code>name</code>*</td><td>The name of the filesystem to configure.</td></tr><tr><td><code>operations</code>*</td><td><p>A space-separated list of operation categories to audit. This list replaces any previously set operations for this filesystem.</p><p>Possible values: <code>all</code>, <code>none</code>, <code>open</code>, <code>create</code>, <code>read</code>, <code>modify</code>, <code>delete</code>, <code>rename</code>, <code>close</code>, <code>sessionmanagement</code>.</p></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.weka.io/operation-guide/audit-and-forwarding-management/manage-audit-and-forwarding-using-the-cli.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.