Enables or disables auditing on the specified volume.

You must have the fc permission on the cluster to use this command. See acl for details about this permission.

To learn how to determine whether auditing is enabled for a volume, see Checking Whether Auditing is Enabled for a Directory, File, or MapR-DB Table.

Syntax

CLI

maprcli volume audit
[ -cluster <cluster name> ]
-name <volume name>
[ -enabled <true|false> ]
[ -coalesce <interval in minutes> ]

RESThttp[s]://<host>:<port>/rest/volume/audit?cluster=<name of cluster>&name=<name of volume>&enabled=<true|false>&coalesce=<minutes>

Parameters

Parameter

Description

cluster

The cluster on which the volume is located. This parameter is required if the volume is on a remote cluster. The remote cluster must be listed in the mapr-cluster.conf file for the cluster where you run the command.

name

The name of the volume.

enabled

Enables or disables the auditing of operations within the volume. You must use either this parameter, the -coalesce parameter, or both.

See Enabling Auditing for the steps to enable auditing on directories, files, and tables in a volume.

When you set the value to false, auditing of operations within the volume ceases. None of the auditing settings are changed on the directories, files, and MapR-DB tables within the volume. If you later run the maprcli volume audit command with -enabled set to true, auditing begins again on the objects that were already enabled for auditing.

coalesce

The interval of time during which READ, WRITE, or GETATTR operations on one file from one client IP address are logged only once, if auditing is enabled.

For example, suppose that a client application reads a single file three times in 6 minutes, so that there is one read at 0 minutes, another at 3 minutes, and a final read at 6 minutes. If the coalesce interval is at least 6 minutes, then only the first read operation is logged. However, if the interval is between 4 minutes, then only the first and third read operations are logged. If the interval is 2 minutes, all three read operations are logged.

The default value is 60 minutes. Setting this field to a larger number helps prevent audit logs from growing quickly.

Examples

CLImaprcli volume audit -name auditVolume
RESThttps://centos26.lab:8443/rest/volume/audit?name=auditVolume