File audit logging events' descriptions
Use this information to learn more about which I/O operations result in the
nine events for file audit logging.
| Event name | Description | Examples |
|---|---|---|
| ACLCHANGE | A file's or directory's ACL permissions were modified. | mmputacl, chown, chgrp, chmod |
| CLOSE | A file was closed. | close(), cp, touch, echo, policy MIGRATE rule |
| CREATE | A file or directory was created. | open(creat flag), vi, ln, dd, mkdir |
| GPFSATTRCHANGE | A file's or directory's IBM Spectrum Scale attributes were changed. | mmchattr -i -e --indefinite-retention |
| OPEN | A file or directory was opened for reading, writing, or creation. | open(), mmlsattr, cat, cksum, ls (only for directories), policy LIST rule |
| RENAME | A file or directory was renamed. | rename(), mv |
| RMDIR | A directory was removed. | rmdir(), rm, rmdir |
| UNLINK | A file or directory was unlinked from its parent directory. When the linkcount = 0, the file is deleted. |
unlink(), rm hardlink/softlink |
| XATTRCHANGE | A file's or directory's extended attributes were changed. | mmchattr --set-attr --delete-attr |
For more information, see JSON reporting issues in file audit logging.