Enabling and configuring file audit logging using the installation toolkit

You can use the installation toolkit to enable and configure the file audit logging function in the cluster definition file. After enabling this function at the cluster level, you must enable it on file systems. The file audit logging package (gpfs.librdkafka) is installed on all supported nodes in the cluster specified to the installation toolkit during the installation, even if file audit logging is not enabled in the cluster configuration. In a cluster containing an ESS system wherein the setup type is ESS or ess in the cluster definition file, the file audit logging packages are installed on protocol nodes and client nodes. They are not installed on ESS EMS and I/O server nodes. Based on the file audit logging configuration options specified in the cluster definition file using the installation toolkit, the function is enabled and configured in the cluster accordingly during the deployment.

For information on required packages for file audit logging, see Requirements, limitations, and support for file audit logging and Installation prerequisites.

Note: A file system must be specified in the cluster definition file before you can enable file audit logging.

You can configure the file audit logging related options in the cluster definition file by using the installation toolkit as follows.

By default, file audit logging is disabled in the cluster definition file.

To enable file audit logging in the cluster definition file, issue the following command before doing installation or deployment with the installation toolkit:
```
./spectrumscale fileauditlogging enable
```
To disable file audit logging in the cluster definition file, issue the following command:
```
./spectrumscale fileauditlogging disable
```
To list the file audit logging configuration in the cluster definition file, issue the following command:
```
./spectrumscale fileauditlogging list
```

You can verify whether file audit logging is enabled in the cluster definition file by viewing the output of the ./spectrumscale node list command:

[ INFO  ] List of nodes in current configuration:
[ INFO  ] [Installer Node]
[ INFO  ] 198.51.100.15
[ INFO  ] Setup Type: SpectrumScale
[ INFO  ] 
[ INFO  ] [Cluster Name]
[ INFO  ] ESDev1
[ INFO  ]
[ INFO  ] [Protocols]
[ INFO  ] SMB : Enabled
[ INFO  ] NFS : Enabled
[ INFO  ]
[ INFO  ] File Audit logging : Disabled 
[ INFO  ]
[ INFO  ] GPFS Node              Admin  Quorum  Manager  NSD Server  Protocol  GUI Server  OS     Arch
[ INFO  ] ESDev1-GPFS1             X       X       X                    X                  rhel7  x86_64
[ INFO  ] ESDev1-GPFS2                             X                    X                  rhel7  x86_64
[ INFO  ] ESDev1-GPFS3                             X                    X                  rhel7  x86_64
[ INFO  ] ESDev1-GPFS4             X       X       X          X                            rhel7  x86_64 
[ INFO  ] ESDev1-GPFS5             X       X       X          X                            rhel7  x86_64

After enabling the file audit logging function in the cluster definition file, you must enable it on file systems on which you want to enable file audit logging.

To enable file audit logging on a file system in the cluster definition file, issue the following command:
```
./spectrumscale filesystem modify --fileauditloggingenable FileSystemName
```
You can also specify the retention period and log fileset name with this command. For example, to specify a retention period of 180 days and to specify the log fileset name testlog, issue the following command:
```
./spectrumscale filesystem modify --fileauditloggingenable --retention 180 --logfileset testlog FileSystemName
```
To disable file audit logging on a file system in the cluster definition file, issue the following command:
```
./spectrumscale filesystem modify --fileauditloggingdisable FileSystemName
```

Note: These file audit logging configuration-related changes become effective after the deployment procedure, initiated with ./spectrumscale deploy, is completed.