Audit licenses are required to enable File Audit and are supplied by Panzura support on purchase of Data Services.
The tokens provided must be entered on each Panzura node, through the Panzura node's dashboard License Manager, as shown below.
Specifying Audit Actions
After entering the license tokens, you must then edit the license to specify the audit actions that File Audit should capture, by entering them in the ACCESS field as shown below, separated by commas.
Available audit actions are:
- create: creating file
- remove: deleting files
- read: reading files
- write: writing files
- mkdir: creating directories
- rmdir: deleting directories
- rename: renaming files or directories
- rlclaim: global file lock
- setattr: changing attributes
- setxattr: changing permissions
- dellxattr: deleting permissions
Users can also specify the list of files that they want to be included or excluded from auditing. For the inclusion of all files, * (asterisk,) and for no file exclusion, - (dash) must be entered.
Excluded actions and files will not be visible to Audit service, and Data Services cannot be held responsible for the loss of data and insights that are dependent on such eliminated items.
The following picture shows the audit parameters configurations in the CloudFS Nodes’ License Manager.
Move and Copy Actions
Copy and Move actions do not cause explicit audit events in the file systems’ Audit Logs, but are included in the audit actions for detection by the File Audit service. File Audit's detection of Move and Copy actions is based on inference from the other explicit audit actions. Therefore, their detection may not be as precise as the other audit actions, which are explicit events.
Open and Close Actions
These actions are not shown, as they are enveloped by all other audit actions.
Minimum CloudFS Version Required
Change Permission, Delete Permission, Copy, Move, Read, and Write are only available for Panzura nodes running CloudFS 22.214.171.124 and higher.