[gpfsug-discuss] Auditing of SMB file access
Bill Owen
billowen at us.ibm.com
Fri Dec 9 15:44:28 GMT 2016
Hi John,
Nice paper!
Regarding object auditing:
- Does Varonis have an API that could be used to tell it when object
operations complete from normal object interface? If so, a middleware
module could be used to send interesting events to Varonis (this is already
done in openstack auditing using CADF)
- With Varonis, can you monitor operations just on ".data" files? (these
are the real objects) Can you also include file metadata values in the
logging of these operations? If so, the object url could be pulled
whenever a .data file is created, renamed (delete), or read
Thanks,
Bill Owen
billowen at us.ibm.com
Spectrum Scale Object Storage
520-799-4829
From: John T Olson/Tucson/IBM at IBMUS
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 12/09/2016 07:33 AM
Subject: Re: [gpfsug-discuss] Auditing of SMB file access
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Richard,
I recently published a white paper in the Spectrum Scale wiki in
developerworks about using Varonis with Spectrum Scale for auditing. This
paper includes what type of file events are recognizable with the proposed
setup. Here is link to the paper:
https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/fa32927c-e904-49cc-a4cc-870bcc8e307c/page/f0cc9b82-a133-41b4-83fe-3f560e95b35a/attachment/0ab62645-e0ab-4377-81e7-abd11879bb75/media/Spectrum_Scale_Varonis_Audit_Logging.pdf
Note that you have to register with developerworks, but it is a free
registration.
Thanks,
John
John T. Olson, Ph.D., MI.C., K.EY.
Master Inventor, Software Defined Storage
957/9032-1 Tucson, AZ, 85744
(520) 799-5185, tie 321-5185 (FAX: 520-799-4237)
Email: jtolson at us.ibm.com
"Do or do not. There is no try." - Yoda
Olson's Razor:
Any situation that we, as humans, can encounter in life
can be modeled by either an episode of The Simpsons
or Seinfeld.
Inactive hide details for Aaron Knister ---12/09/2016 06:21:40 AM---Hi
Richard, Does this help?Aaron Knister ---12/09/2016 06:21:40 AM---Hi
Richard, Does this help?
From: Aaron Knister <aaron.knister at gmail.com>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 12/09/2016 06:21 AM
Subject: Re: [gpfsug-discuss] Auditing of SMB file access
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Hi Richard,
Does this help?
https://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/amp
I've not used CES so I don't know at what level it manages the samba
configuration file or how easily these changes could be integrated in light
of that.
Sent from my iPhone
On Dec 9, 2016, at 6:52 AM, Sobey, Richard A <r.sobey at imperial.ac.uk>
wrote:
Hi all,
Is there any auditing we can enable to track changes and
accesses to files/folders on GPFS (via SMB/CES if that
matters).
Cheers
Richard
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161209/54c94dcf/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161209/54c94dcf/attachment-0002.gif>
More information about the gpfsug-discuss
mailing list