Configure protocol event filters

You can filter the types of protocol access events to be audited in an access zone. You can create filters for successful events and failed events. The following protocol events are collected for audited access zones by default: create, delete, rename, close, and set_security. This procedure is available only through the command-line interface.

Before you begin

To create protocol event filters, you should first enable protocol access auditing in the access zone.

Procedure

  1. Open a Secure Shell (SSH) connection to any node in the cluster and log in.
  2. Run the isi audit settings modify command
    The following command creates a filter that audits the failure of create, close, and delete events in the zone3 access zone:
    isi audit settings modify --audit-failure=create,close,delete --zone=zone3
    The following command creates a filter that audits the success of create, close, and delete events in the zone5 access zone:
    isi audit settings modify --audit-success=create,close,delete --zone=zone5