audit data

Enables and disables auditing of filesystem and table operations.

For a list of these operations, see Auditing of Filesystem Operations and Table Operations.

Only the mapr user for the cluster can run this command. For more information about the mapr user, see Managing Users and Groups.

Syntax

CLI
maprcli audit
[ -cluster <cluster name> ] 
[ -enabled <true | false> ]
[ -maxsize <GB> ]
[ -retention <number of days> ] 
REST

http[s]://<host>:<port>/rest/audit/data?enabled=<true | false>&maxSize=<GB>&retention=<number of days>

Parameters

Parameter Description
cluster The path and name of a remote MapR cluster.
enabled The value true enables auditing, the value false disables it.
maxsize The size in GB at which an alarm is sent to the dashboard in the MapR Control Service. The alarm is to notify the cluster administrator that the audit log is becoming large enough that the administrator might want to take action. For more information about this parameter, the alarm, and possible actions to take, see Managing Audit Logs for Filesystem and Table Operations.

The audit log continues to grow until the administrator takes action or until the retention period ends.

The default value is 32.

retention The period of time in days for which to keep the data in the audit log for the data access. After this period elapses, the content of the file is deleted and new entries are added to the file until the next retention period elapses.