Manual Pages


NAME

na_snaplock - compliance-related operations.

SYNOPSIS

snaplock command argument ...

DESCRIPTION

The snaplock command manages compliance-related functionality on the system. A volume created using the vol command (see na_vol(1)) is a SnapLock volume when either the enterprise or compliance option is chosen. Enterprise and compliance SnapLock volumes allow different levels of security assurance.

SnapLock compliance volumes may additionally be used as compliant log volumes for operations performed on any SnapLock volume or system.

SnapLock enterprise volumes may allow audited file deletions before the expiration of file retention dates. This privileged delete capability may be enabled on a per-volume basis when secure logging is properly configured.

USAGE

The following commands are available under snaplock:

  privdel       fingerprint    log      options

snaplock privdel [ -f ] path

Allows the deletion of retained files on SnapLock enterprise volumes before the expiration date of the file specified by path. The -f flag allows the command to proceed without interactive confirmation from the user.

For this command to succeed, the user must be accessing the filer over a secure connection and must be a member of the Compliance Administrators group (see na_useradmin(1)).

This command is not available on SnapLock compliance volumes.

snaplock fingerprint [ -a [MD5|SHA-256] ] [-m|-d] path

This command returns the MD5 or SHA-256 hash of the file specified in path. By default, SHA-256 is used and both the file data and meta-data are included in the hash.

-m
Hash the file meta-data only.

-d
Hash the file data only.

snaplock log
  volume [ vol ]
  rotate vol [ basename ]
  status vol [ basename ]

The volume command sets the system log volume to vol or, when vol is omitted, reports the current system log volume name. In a set operation, vol must exist and must be a SnapLock compliance volume. Logs on the previous log volume (if there was one) will be closed and the new log volume will be initialized with new logs.

Log rotation normally happens whenever the size of a log reaches the maximum size specified by the snaplock.log.maximum_size option (see na_options(1)). The rotate command forces individual or global log file rotation. If the basename parameter is given, the log with that base name will be rotated. Otherwise, all log files on volume vol will be rotated.

The status command reports the status of the current log file or files on volume vol.

snaplock options vol privdel [ on | off | disallowed ] [ -f ]

The options privdel command sets or reports the state of the privileged delete option on a SnapLock enterprise volume. When setting the value, the -f flag allows for silent operation.

The valid states are:

Not initialized: No state has yet been specified for this volume and no privileged deletions will be allowed on the volume.

on: The feature is turned on and deletions are allowed.

off: The feature is turned off and no privileged delete operations will be allowed. The feature may be turned on in the future.

disallowed: The feature has been disabled for this volume and can never be turned on for this volume.

EXAMPLES

snaplock privdel -f /vol/slevol/myfile

Deletes the file myfile on the enterprise volume slevol. The user must have sufficient privileges and must have initiated the command over a secure connection to the filer for the command to succeed.

snaplock log volume

Prints out the name of the system compliance log volume if it has been initialized. An uninitialized system log volume will report that the value is not set.

snaplock log volume logvol

Sets the system compliance log volume to logvol.

snaplock log status logvol

Prints out the log status for all the active log files on volume logvol.

snaplock log status logvol priv_delete

Prints out the log status for the privileged delete log file on volume logvol.

snaplock options -f slevol privdel on

Turns on the privileged delete feature on enterprise volume slevol without asking for confirmation.

SEE ALSO

na_vol(1), na_options(1), na_useradmin(1).


Copyright © 1994-2008 NetApp, Inc.