File Access Auditing Support For NFS and SMB Clients

The purpose of this document is to instruct the user on how to configure Audit for CloudFS. Follow the steps outlined in this document in sequential order unless otherwise noted.

Audit Configuration For CloudFS Details

This CloudFS feature extends and broadens the configuration of Audit to enable flexibility while retaining existing features and supporting future upgrades. To support multiple vendors for audit, configuration elements of audit are designed to be as customizable as possible to support the following use cases:

  • Use of Panzura Data Services, syslog and any single third-party vendor (Varonis) simultaneously
  • Customized tracked actions for multiple audit log destinations. For example, Panzura Data Services must track eight+ (8+) audit actions (read, write, modify, open, close, mkdir, etc.); however, the syslog server only needs to receive two types of actions (open, close).

This audit configuration feature replaces configuration via AS-Audit and AS-Varonis licenses. This functionality now uses standard Panzura configuration, which duplicates and enhances the existing functionality and allows the configuration to be propagated from master to subordinate.

Note: AS-Audit and AS-Varonis licenses are no longer required; any existing licenses will be ignored after upgrade.

Click here for Audit license configuration for CloudFS versions prior to 8.2.

Configuring Audit Settings

    1. From the Filer Configuration screen, select Monitoring from the navigation menu on the left side of the screen.
    2. Select Audit Settings from the Monitoring call-out.
    3. In the Audit Settings section, there are three main services where settings may be toggled on/off:
      ▪️ Panzura Data Services
      ▪️ Audit Syslog
      ▪️ Third Party Vendor Support (used for integrations)
    4. Each service may be toggled on/off individually. Toggle the on/off feature as desired by clicking the corresponding service button:
      ▪️ Generate PDS Audit Log
      ▪️ Generate Syslog Log
      ▪️ Generate Third Party Log
    5. The Push to Subordinate(s) switch toggles on/off for each service individually. On indicates this service's settings will be shared with the subordinates.
    6. User Actions for each service can be selected to enable/disable specific functions for users. Select the desired user actions for each service.
    7. Click Save to apply changes.

Configuring Local Audit Settings

The Local Audit Settings exist primarily to allow overwriting the Master Audit Settings when necessary. From the Audit Settings screen, you are able to see both cluster and local settings, regardless of whether you are viewing as a master or subordinate. 

Note: If you are a subordinate, you will not be able to edit your cluster settings.

The Local Audit Settings mirror the Audit Settings section as noted above with one caveat: the Push to Subordinate(s) toggle is replaced with Inherited from Cluster.

    1. In the Local Audit Settings section, there are three main services where settings may be toggled on/off:
      ▪️ Panzura Data Services
      ▪️ Audit Syslog
      ▪️ Third Party Vendor Support (used for integrations)
    2. Each service may be toggled on/off individually. Toggle the on/off feature as desired by clicking the corresponding service button:
      ▪️ Generate PDS Audit Log
      ▪️ Generate Syslog Log
      ▪️ Generate Third Party Log
    3. The Inherited from Cluster switch toggles on/off for each service individually. Disable this setting to have settings on the subordinate that are different from the master. If the master has Push to Subordinate set to off, then the local settings will be used regardless of this option.
    4. User Actions for each service can be selected to enable/disable specific functions for users. Select the desired user actions for each service.
    5. Click Save to apply changes.
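
The precedence between Push to Subordinate(s) and Inherited from Cluster decides which actions a subordinate actually logs, so it is worth checking for audit coverage gaps after a local override. The following is an added example, not Panzura code: it models the rules stated above and reports actions the cluster settings track but a subordinate does not. The field names, service keys and sample values are hypothetical, and it assumes a pushed service carries both its Generate toggle and its User Actions.

```python
from dataclasses import dataclass

SERVICES = ("pds", "syslog", "third_party")  # hypothetical keys for the three services

@dataclass(frozen=True)
class ServiceSettings:
    generate: bool                       # the "Generate ... Log" toggle
    actions: frozenset                   # selected User Actions
    push_to_subordinates: bool = False   # meaningful on the cluster (master) side
    inherited_from_cluster: bool = True  # meaningful on the local side

def effective(cluster, local):
    """Return (source, settings) in force on a subordinate for one service."""
    if not cluster.push_to_subordinates:
        return "local", local            # master not pushing: local always applies
    if local.inherited_from_cluster:
        return "cluster", cluster        # pushed and inherited
    return "local", local                # pushed, but overridden locally

def tracked(s):
    """Actions that actually produce log entries (none if generation is off)."""
    return s.actions if s.generate else frozenset()

def coverage_gaps(cluster_cfg, local_cfg):
    """Per service: actions the cluster settings track but this node does not."""
    gaps = {}
    for svc in SERVICES:
        _, eff = effective(cluster_cfg[svc], local_cfg[svc])
        missing = tracked(cluster_cfg[svc]) - tracked(eff)
        if missing:
            gaps[svc] = sorted(missing)
    return gaps

# Constructed sample settings, not exported from a real filer.
A = frozenset
CLUSTER = {
    "pds": ServiceSettings(True, A({"read", "write", "modify", "open", "close", "mkdir"}), push_to_subordinates=True),
    "syslog": ServiceSettings(True, A({"open", "close"}), push_to_subordinates=False),
    "third_party": ServiceSettings(True, A({"read", "write"}), push_to_subordinates=True),
}
LOCAL = {
    "pds": ServiceSettings(True, A({"open", "close"}), inherited_from_cluster=False),  # local override
    "syslog": ServiceSettings(False, A(), inherited_from_cluster=True),       # master is not pushing
    "third_party": ServiceSettings(False, A(), inherited_from_cluster=True),  # inherits from cluster
}

if __name__ == "__main__":
    for svc, missing in coverage_gaps(CLUSTER, LOCAL).items():
        print(f"{svc}: not logged on this subordinate: {', '.join(missing)}")
```

The syslog result shows the case from step 3: leaving Inherited from Cluster on does not help when the master has Push to Subordinate(s) off, so the local settings (here, logging disabled) are what apply.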