Actions that the mmaudit command takes to disable file audit logging
This topic describes how the mmaudit command disables file audit logging.
- Removes the associated policy partitions that were used to receive lightweight events and block
lightweight events from certain filesets and paths:
- If they exist, removes the global policy partitions that were used to skip paths (such as the CES shared root) where lightweight events are not wanted.
- If it is needed, removes the policy partition that was used to skip file system operations in the file audit logging fileset.
- Removes the policy partition that was used to receive lightweight events for the file system device that was being audited.
- Updates the audit configuration to remove the file audit logging configuration information that is associated with the file system that was audited.
- Makes the change to the file system configuration, so that the mmlsfs command
with the --file-audit-log option shows as
no.