PowerScaleOneFS CLI Command Reference

Syntax

isi audit settings modify 
  [--audit-failure <event types>]
  [--clear-audit-failure]
  [--add-audit-failure <event types>]
  [--remove-audit-failure <event types>]
  [--audit-success <event types>]
  [--clear-audit-success]
  [--add-audit-success <event types>]
  [--remove-audit-success <event types>]
  [--syslog-audit-events <event types>]
  [--clear-syslog-audit-events]
  [--add-syslog-audit-events <event types>]
  [--remove-syslog-audit-events <event types>]
  [--syslog-forwarding-enabled {yes | no}]
  [--zone<access zone>]
  [--verbose]

Options

--audit-failure <event types>

Specifies one or more filters, separated by commas, for auditing protocol event types that failed. The following event types are valid:

• close
• create
• delete
• get_security
• logoff
• logon
• read
• rename
• set_security
• tree_connect
• write
• all

This option overwrites the current list of filtered event types. To add or remove filters without affecting the current list, configure settings with --add-audit-failure or --remove-audit-failure.

--clear-audit-failure

Clears all filters for auditing protocol event types that failed.

--add-audit-failure <event types>

Adds one or more filters, separated by commas, for auditing protocol event types that failed. Valid event type values are the same as for --audit-failure.

--remove-audit-failure <event types>

Removes one or more filters, separated by commas, for auditing protocol event types that failed. Valid event type values are the same as for --audit-failure.

--audit-success <event types>

Specifies one or more filters, separated by commas, for auditing protocol event types that succeeded. The following event types are valid:

• close
• create
• delete
• get_security
• logoff
• logon
• read
• rename
• set_security
• tree_connect
• write
• all

This option overwrites the current list of filtered event types. To add or remove filters without affecting the current list, configure settings with --add-audit-success or --remove-audit-success.

--clear-audit-success

Clears all filters for auditing protocol event types that succeeded.

--add-audit-success <event types>

Adds one or more filters, separated by commas, for auditing protocol event types that succeeded. Valid event type values are the same as for --audit-success.

--remove-audit-success <event types>

Removes one or more filters, separated by commas, for auditing protocol event types that succeeded. Valid event type values are the same as for --audit-success.

--syslog-audit-events <event types>

Specifies the auditing protocol event types to forward to syslog. Only those events that match both the syslog-audit-events and --audit-success or --audit-failure will be forwarded to syslog. The following event types are valid:

• close
• create
• delete
• get_security
• logoff
• logon
• read
• rename
• set_security
• tree_connect
• write
• all

This option overwrites the current list of forwarded event types. To add or remove event types without affecting the current list, configure settings with --add-syslog-audit-events or --remove-syslog-audit-events.

--clear-syslog-audit-events

Clears all auditing protocol event types that are forwarded to syslog.

--add-syslog-audit-events <event types>

Adds one or more auditing protocol event types, separated by commas, that are forwarded to syslog. Valid event type values are the same as for --syslog-audit-events.

--remove-syslog-audit-events <event types>

Removes one or more auditing protocol event types, separated by commas, that are forwarded to syslog. Valid event type values are the same as for --syslog-audit-events.

--syslog-forwarding-enabled {yes | no}

Enables or disables syslog forwarding audit events in the specified access zone.

--zone <access zones>

Specifies the access zone to which event type filters are applied or forwarded to syslog.

{--verbose | -v}

Displays the results of running the command.