No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

OceanStor 18000 V3 Series V300R006

This document is applicable to OceanStor 18500 V3 and 18800 V3. Based on the CLI provided by the DeviceManager, this document describes how to use variouscommands classified by functions and how to set the CLI and manage the storage system throughthese commands. The document that you browse online matches the latest C version of the product. Click Download to download documents of other C versions.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
change audit_strategy

change audit_strategy

Function

The change audit_strategy command is used to modify the audit log policy of a specific service.

Format

change audit service_type=? { { enable=? | pause=? } | [ { file_system_id=? | file_system_name=? } ] [ single_file_size=? ] [ { record_fail_action=? | reserve_file_num=? | file_retention_days=? | available_capacity=? } ] [ auto_delete_switch=? ] }

Parameters

Parameter

Description

Value

service_type=?

Audit log service type.

To obtain the value, run the "show audit_strategy" command without parameters.

enable=?

Switch of starting and stopping audit log collection.

The value can be "yes" or "no", where:

  • "yes": The switch is turned on.
  • "no": The switch is turned off.

pause=?

Switch of suspending audit log collection.

The value can be "yes" or "no":

  • "yes": The audit log collection is suspended.
  • "no": The audit log collection is continued.

file_system_id=?

Audit log file system ID.

The value is an integer between 0 and 65535. To obtain the value, run the "show file_system general" command without parameters.

file_system_name=?

Audit log file system name.

The value consists of 1 to 255 ASCII characters including digits, letters, underscores (_), hyphens (-), and periods (.). To obtain the value, run the "show file_system general" command without parameters.

single_file_size=?

Size of a single audit log.

The unit is MB. The value ranges from 10 to 100.

reserve_file_num=?

Number of reserved audit logs.

The value is expressed in thousands of logs with a possible range of 1-1000. For example, a value of 5 indicates 5000 logs. If the value is set to "0", this parameter is invalid.

file_retention_days=?

Number of days that audit logs are reserved.

The value ranges from 1 to 1200 days. If the value is set to "0", this parameter is invalid.

available_capacity=?

Available capacity threshold of the audit log file system.

The value ranges from 5 GB to 100 GB. The unit is GB. If the value is set to "0", this parameter is invalid.

auto_delete_switch=?

Automatic deletion switch of audit logs.

The value can be "On" or "Off", where:

  • "Off": The switch is turned off.
  • "On": The switch is turned on.

record_fail_action=?

Service response after audit logs fail to be recorded.

The value can be "Non-Interrupt_service" or " Interrupt_service", where:

  • Non-Interrupt_service: Services will not be interrupted.
  • Interrupt_service: Services will be interrupted.

Level

Administrator

Usage Guidelines

  • Parameter "enable" or "pause" is mutually exclusive with other parameters.
  • The following parameters or parameter sets are mutually exclusive: "file_system_id" and "file_system_name", "record_fail_action", "reserve_file_num", "file_retention_days", and "available_capacity".
  • If the automatic deletion switch of audit logs is turned on, logs will be deleted based on parameters "reserve_file_num", "file_retention_days", or "available_capacity".
  • Plan the capacity of the audit log file system. If the capacity cannot meet the requirements of parameters "reserve_file_num" or "file_retention_days", services may be interrupted.

Example

  • Turn off the audit log switch of the NAS service.
    admin:/>change audit_strategy service_type=NAS enable=no 
    WARNING: You are about to disable the audit log function. This operation will uninstall the audit log file system, which contains important audit logs. The audit logs must be handled properly. Exercise caution when performing this operation. 
    Suggestion: Note the following: 
    1. Before performing this operation, stop sharing the audit log file system. 
    2. After performing this operation, clear or migrate data in the audit log file system. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.
  • Set the NAS service response to non-interrupt service after audit logs fail to be recorded.
    admin:/>change audit_strategy service_type=NAS record_fail_action=Non-Interrupt_service  
    WARNING: You are about to set the service response policy to non-interrupt when audit logs fail to be recorded. After this operation, the utilization of the service cannot be recorded, causing security risks. 
    Suggestion: Before performing this operation, ensure that the preceding risk is acceptable. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.
  • Set the number of reserved audit logs to 10000.
    admin:/>change audit_strategy service_type=NAS reserve_file_num=10 
    WARNING: You are about to change the threshold of the audit log automatic deletion function. If the capacity specified by this parameter is greater than the capacity of the audit log file system, audit logs may fail to be recorded and services may be interrupted. 
    Suggestion: Before performing this operation, ensure that the file system will have sufficient capacity. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.
  • Set the number of days that audit logs are reserved to 180.
    admin:/>change audit_strategy service_type=NAS file_retention_days=180  
    WARNING: You are about to change the threshold of the audit log automatic deletion function. If the capacity specified by this parameter is greater than the capacity of the audit log file system, audit logs may fail to be recorded and services may be interrupted. 
    Suggestion: Before performing this operation, ensure that the file system will have sufficient capacity. 
    Have you read warning message carefully?(y/n)y 
    Are you sure you really want to perform the operation?(y/n)y 
    Command executed successfully.

System Response

None

Translation
Download
Updated: 2019-07-12

Document ID: EDOC1000138390

Views: 227395

Downloads: 150

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next