Enabling file audit logging on a file system

This topic describes how to enable file audit logging on a file system in IBM Spectrum Scale™.

  1. Before enabling file audit logging, the message queue must be enabled. It can be enabled automatically with the installation toolkit if the cluster contains at least three protocol nodes, or it can be manually enabled using the mmmsgqueue command. If you do not have three protocol nodes installed on your cluster, or want to define which nodes that the message queue servers/brokers run on, you must define the nodes to run these servers. Enable the message queue directly with the broker node list.
    Note: If the kafkaBrokerServers node class already exists, then the -N specified list will not be used.
    Issue a command similar to the following example:
    mmmsgqueue enable { -N NodeName[,NodeName...] | NodeFile | NodeClass
    For more information, see the mmmsgqueue command.
  2. To enable a file system for file audit logging, issue the mmaudit command. If the message queue has not been previously enabled, the first invocation of mmaudit will also enable the message queue for the entire cluster. 
    mmaudit Device enable
    For more information, see the mmaudit command.
    Note: If "object" is enabled on the file system that is holding the file audit log fileset, ensure that you have additional inodes defined for the file audit log fileset prior to enabling.
Parent topic: Configuring file audit logging