Levels of Auditing

Details the different levels of auditing and how they interact with each other.

In contrast to auditing cluster-level operations, auditing of filesystem, table, and stream operations needs to be enabled at three separate levels, as illustrated by this diagram. If auditing is not enabled at any one of these levels, operations on an object are not logged.

In this first diagram, data auditing is enabled at all three levels: the cluster level, through the maprcli audit data command; the volume level, through any of the three volume commands shown in the diagram; and the level of the individual directory, file, table, or stream. Because all three levels are enabled, operations that, for example, a client application makes on a directory, file, table, or stream are recorded in an audit log.



The next diagram shows auditing enabled at the cluster level and the volume level, but not on the directory, file, table, or stream that an operation is performed on. Although the two higher levels are enabled for auditing, the operation is not logged in an audit log.



To give one final example, in the next diagram auditing is enabled on the individual directory, file, or table and at the cluster level. However, auditing is not enabled at the volume level. Therefore, the operation that the client application performs on the object is not recorded in an audit log.