Documentation

The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. For more information, see File access auditing.

See: newWindowsAuditLogConfiguration smart constructor.

Create a value of WindowsAuditLogConfiguration with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:auditLogDestination:WindowsAuditLogConfiguration', windowsAuditLogConfiguration_auditLogDestination - The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN.

The name of the Amazon CloudWatch Logs log group must begin with the /aws/fsx prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the aws-fsx prefix.

The destination ARN (either CloudWatch Logs log group or Kinesis Data Firehose delivery stream) must be in the same Amazon Web Services partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.

$sel:fileAccessAuditLogLevel:WindowsAuditLogConfiguration', windowsAuditLogConfiguration_fileAccessAuditLogLevel - Sets which attempt type is logged by Amazon FSx for file and folder accesses.

• SUCCESS_ONLY - only successful attempts to access files or folders are logged.
• FAILURE_ONLY - only failed attempts to access files or folders are logged.
• SUCCESS_AND_FAILURE - both successful attempts and failed attempts to access files or folders are logged.
• DISABLED - access auditing of files and folders is turned off.

$sel:fileShareAccessAuditLogLevel:WindowsAuditLogConfiguration', windowsAuditLogConfiguration_fileShareAccessAuditLogLevel - Sets which attempt type is logged by Amazon FSx for file share accesses.

• SUCCESS_ONLY - only successful attempts to access file shares are logged.
• FAILURE_ONLY - only failed attempts to access file shares are logged.
• SUCCESS_AND_FAILURE - both successful attempts and failed attempts to access file shares are logged.
• DISABLED - access auditing of file shares is turned off.

The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN.

The name of the Amazon CloudWatch Logs log group must begin with the /aws/fsx prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the aws-fsx prefix.

The destination ARN (either CloudWatch Logs log group or Kinesis Data Firehose delivery stream) must be in the same Amazon Web Services partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.

Sets which attempt type is logged by Amazon FSx for file and folder accesses.

• SUCCESS_ONLY - only successful attempts to access files or folders are logged.
• FAILURE_ONLY - only failed attempts to access files or folders are logged.
• SUCCESS_AND_FAILURE - both successful attempts and failed attempts to access files or folders are logged.
• DISABLED - access auditing of files and folders is turned off.

Sets which attempt type is logged by Amazon FSx for file share accesses.

• SUCCESS_ONLY - only successful attempts to access file shares are logged.
• FAILURE_ONLY - only failed attempts to access file shares are logged.
• SUCCESS_AND_FAILURE - both successful attempts and failed attempts to access file shares are logged.
• DISABLED - access auditing of file shares is turned off.