To check and enable the auditing of "Close" operations:
1. Run the following command in the command line interface (CLI) to view the Global Audit settings:
isi audit settings global view
2. Based on the output, record the value for "Audited Zones"
3. View settings for the "Audited Zones" by running the following command:
isi audit settings view --zone='value_from_step_2'
4. From the output confirm if "close" is listed in "Audit failure", "Audit Success", or both.
5. If "close" is missing from either "Audit failure", "Audit Success", or both, It can be added by running the following command(s):
-Add to "Audit Success"
isi audit settings modify --add-audit-success close --zone='value_from_step_2'
- Add to Audit Failure
isi audit settings modify --add-audit-failure close --zone='value_from_step_2'
6. Confirm the "close" events were added to auditing by running the following command:
isi audit settings view --zone='value_from_step_2'
For example the output should resemble this:
Audit Success: close, delete, rename, set_security, write
© 2022 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy