File audit logging events' descriptions
Use this information to learn more about which I/O operations result in the nine events for file audit logging.
Event name | Description | Examples |
---|---|---|
ACLCHANGE | A file's or directory's ACL permissions were modified. | mmputacl, chown, chgrp, chmod |
CLOSE | A file was closed. | close(), cp, touch, echo, policy MIGRATE rule |
CREATE | A file or directory was created. | open(creat flag), vi, ln, dd, mkdir |
GPFSATTRCHANGE | A file's or directory's IBM Spectrum Scale attributes were changed. | mmchattr -i -e --indefinite-retention |
OPEN | A file or directory was opened for reading, writing, or creation. | open(), mmlsattr, cat, cksum, ls (only for directories), policy LIST rule |
RENAME | A file or directory was renamed. | rename(), mv |
RMDIR | A directory was removed. | rmdir(), rm, rmdir |
UNLINK | A file or directory was unlinked from its parent directory. When the linkcount = 0, the file is deleted. | unlink(), rm hardlink/softlink |
XATTRCHANGE | A file's or directory's extended attributes were changed. | mmchattr --set-attr --delete-attr |
For more information, see JSON reporting issues in file audit logging.