search

Manage audit and forwarding using the CLI

You can use the weka audit commands to configure and manage the audit and forwarding feature. The commands are organized into the following groups:

  • weka audit cluster: Manage audit settings at the cluster level.

  • weka audit fs: Manage audit settings for specific filesystems.

hashtag
Manage cluster-level auditing

Use the weka audit cluster commands to control the audit feature for the entire cluster.

hashtag
Enable or disable cluster-wide auditing

The auditing functionality is disabled by default. Enable it at the cluster level before you can configure auditing for specific filesystems. This initial enablement sets up the necessary infrastructure and components required for the audit system to function.

  • To enable:

    weka audit cluster enable

  • To disable:

    weka audit cluster disable

hashtag
View cluster audit status

View the current cluster-wide status of the audit feature.

weka audit cluster status

hashtag
View cluster audit statistics

View detailed statistics about the audit logs for the entire cluster.

hashtag
Set the global audit operations

Defines the global default policy for which categories of operations are audited across the cluster. This policy applies to all filesystems but can be overridden by settings on an individual filesystem. You can choose to audit all categories or specify a subset (for example, read, delete).

Parameter

Name
Description

operations*

A space-separated list of operation categories to audit. Providing a new list replaces any previously set global operations.

Values: all, none, open, create, read, modify, delete, rename, close, sessionmanagement.

hashtag
Manage full path resolution

Use the following commands to control the asynchronous process that adds full file paths to audit events. Including full paths provides valuable context for each operation but may introduce a performance impact. Disabling this feature can increase event throughput if the path information is not required for your use case.

  • To enable resolution of full file paths in forwarded audit events:

  • To disable the resolution of full file paths in forwarded audit events.:

hashtag
Manage filesystem-level auditing

Use the weka audit fs commands to control audit settings for individual filesystems.

hashtag
View filesystem audit status

List the audit status for all filesystems or a specific filesystem.

Parameter

Name
Description

name

The name of a specific filesystem to view.

hashtag
Enable or disable auditing for a filesystem

Enable or disable auditing on a specific filesystem.

  • To enable:

  • To disable:

Parameter

Name
Description

name*

The name of the filesystem on which to enable or disable auditing.

Related topics

Manage filesystems using the GUI

Manage filesystems using the CLI

hashtag
Set audit operations for a specific filesystem

Override the global audit settings and define a specific set of operations to audit for an individual filesystem.

Parameters

Name
Description

name*

The name of the filesystem to configure.

operations*

A space-separated list of operation categories to audit. This list replaces any previously set operations for this filesystem.

Possible values: all, none, open, create, read, modify, delete, rename, close, sessionmanagement.

PreviousManage audit and forwarding using the GUINextUpgrade WEKA versions

Last updated