Disabling audit-related services directly can cause Data Unavailability
Summary: Isilon hits Data Unavailability (DU) when the audit service is disabled, because the flt_audit driver in the Likewise stack remains in running status. Do not disable any services with the # isi services command without consulting Isilon Support about the implications of disabling a service. ...
Symptoms
When audit-related services are disabled directly using isi services, it can lead to a production outage for NFS or SMB.
# isi services -al | grep -i audit
isi_audit_cee        Audit Log Forwarder to CEE       Enabled
isi_audit_d          Audit Log Server                 Enabled
isi_audit_syslog     Audit Log Forwarder to Syslog    Enabled
Cause
There is an audit filter driver in the Likewise stack; it can be enabled through isi audit settings global. Once it is enabled, protocol auditing is done from the Likewise stack.
# /usr/likewise/bin/lwsm list | grep audit
flt_audit         [filter]    running (lwio: 7048)
flt_audit_hdfs    [filter]    running (hdfs: 12730)
flt_audit_nfs     [filter]    running (nfs: 25724)
However, if the audit service is down for some reason or is disabled intentionally, the flt_audit driver is not stopped.
Protocol audit events therefore do not stop: the protocol layer keeps trying to send audit events to the audit server via the flt_audit driver. Because the audit service is down, its interaction with the audit server is suspended or rejected, and DU in the protocol layer results.
Resolution
If disabling audit services is a must, first disable auditing globally using the command below:
# isi audit settings global modify --protocol-auditing-enabled=no --config-auditing-enabled=no
Then disable the services if needed.
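A preflight guard for the order of operations above, as an added example that is not part of the original article or of any vendor tooling: it parses lwsm list output and refuses to proceed while any flt_audit filter is still running. The function names are hypothetical, the sample outputs are constructed from the listings above, and it assumes that a filter stopped by disabling auditing globally is reported with the state "stopped".

```shell
#!/bin/sh
# Added example (not vendor code). Sample outputs are constructed from the article.
LWSM_BEFORE='flt_audit [filter] running (lwio: 7048)
flt_audit_hdfs [filter] running (hdfs: 12730)
flt_audit_nfs [filter] running (nfs: 25724)'

# Assumed appearance after auditing has been disabled globally (constructed).
LWSM_AFTER='flt_audit [filter] stopped
flt_audit_hdfs [filter] stopped
flt_audit_nfs [filter] stopped'

SERVICES='isi_audit_cee Audit Log Forwarder to CEE Enabled
isi_audit_d Audit Log Server Enabled
isi_audit_syslog Audit Log Forwarder to Syslog Enabled'

# Read `lwsm list` output on stdin; print each flt_audit* filter still running.
running_audit_filters() {
    awk '$1 ~ /^flt_audit/ && $2 == "[filter]" && $3 == "running" { print $1 }'
}

# Read `isi services -al` output on stdin; print isi_audit_* services still enabled.
enabled_audit_services() {
    awk '$1 ~ /^isi_audit_/ && $NF == "Enabled" { print $1 }'
}

# $1 = `lwsm list` output. Returns 0 only when no audit filter is running,
# i.e. when disabling the isi_audit_* services cannot stall protocol traffic.
safe_to_disable() {
    filters=$(printf '%s\n' "$1" | running_audit_filters | tr '\n' ' ')
    if [ -n "$filters" ]; then
        echo "BLOCK: audit filters still running: $filters" >&2
        echo "First run: isi audit settings global modify" \
             "--protocol-auditing-enabled=no --config-auditing-enabled=no" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed samples.
echo "Enabled audit services:"
printf '%s\n' "$SERVICES" | enabled_audit_services
safe_to_disable "$LWSM_BEFORE" || echo "-> leave the isi_audit_* services enabled for now"
safe_to_disable "$LWSM_AFTER" && echo "-> audit filters stopped; services may be disabled"
```

On a cluster node the live check would be safe_to_disable "$(/usr/likewise/bin/lwsm list)".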