These items generate huge amounts of useless auditing info and overwhelm the logs and logging systems. Just in the last 1-2 hours on 7 of our front-ends, we have over 2M fchmodat, 1.8M fchownat, 2.8M rmdir, and 1.3M unlinkat. The audit logs are continually rotating every hour, which on just these 7 systems is producing approx 250 GB of log data every day that nobody can or ever will look at as this activity is normal for lustre file systems. If possible, it would be nice to exclude shared file systems or non-system dirs as having this number of events makes spotting actual events of interest impossible.
These items generate huge amounts of useless auditing info and overwhelm the logs and logging systems. Just in the last 1-2 hours on 7 of our front-ends, we have over 2M fchmodat, 1.8M fchownat, 2.8M rmdir, and 1.3M unlinkat. The audit logs are continually rotating every hour, which on just these 7 systems is producing approx 250 GB of log data every day that nobody can or ever will look at as this activity is normal for lustre file systems. If possible, it would be nice to exclude shared file systems or non-system dirs as having this number of events makes spotting actual events of interest impossible.