[gpfsug-discuss] file auditing capabilities

Richard Booth richardb+gpfsUG at ellexus.com
Fri Oct 20 15:47:57 BST 2017


Hi Eric

The company I work for, Ellexus <https://www.ellexus.com/>, could possibly
help with this. Please feel free to get in touch if you need some help
with this.

Cheers
Richard

----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Thu, 19 Oct 2017 21:15:38 -0500
>> From: Eric Ross <er.a.ross at gmail.com>
>> To: gpfsug-discuss at spectrumscale.org
>> Subject: [gpfsug-discuss] file auditing capabilities
>>
>> I'm researching the file auditing capabilities possible with GPFS; I
>> found this paper on the GPFS wiki:
>>
>> https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/fa32927c-e904-49cc-a4cc-870bcc8e307c/page/f0cc9b82-a133-41b4-83fe-3f560e95b35a/attachment/0ab62645-e0ab-4377-81e7-abd11879bb75/media/Spectrum_Scale_Varonis_Audit_Logging.pdf
>>
>> I haven't found anything else on the subject, however.
>>
>> While I like the idea of being able to do this logging on the protocol
>> node level, I'm also interested in the possibility of auditing files
>> from native GPFS mounts.
>>
>> Additional digging uncovered references to Lightweight Events (LWE):
>>
>> http://files.gpfsug.org/presentations/2016/SC16/04_Scott_Fadden_Spectrum_Scale_Update.pdf
>>
>> Specifically, this references being able to use the policy engine to
>> detect things like file opens, reads, and writes.
>>
>> Searching through the official GPFS documentation, I see references to
>> these events in the transparent cloud tiering section:
>>
>> https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.2/com.ibm.spectrum.scale.v4r22.doc/bl1adm_define_cloud_storage_tier.htm
>>
>> but, I don't see, or possibly have missed, the other section(s)
>> defining what other EVENT parameters I can use.
>>
>> I'm curious to know more about these events, could anyone point me in
>> the right direction?
>>
>> I'm wondering if I could use them to perform rudimentary auditing of
>> the file system (e.g. a default policy in place to log a message of
>> say user foo either wrote to and/or read from file bar).
>>
>> Thanks,
>> -Eric