[gpfsug-discuss] file auditing capabilities
Eric Ross
er.a.ross at gmail.com
Fri Oct 20 03:15:38 BST 2017
I'm researching the file auditing capabilities possible with GPFS; I
found this paper on the GPFS wiki:
https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/fa32927c-e904-49cc-a4cc-870bcc8e307c/page/f0cc9b82-a133-41b4-83fe-3f560e95b35a/attachment/0ab62645-e0ab-4377-81e7-abd11879bb75/media/Spectrum_Scale_Varonis_Audit_Logging.pdf
I haven't found anything else on the subject, however.
While I like the idea of being able to do this logging on the protocol
node level, I'm also interested in the possibility of auditing files
from native GPFS mounts.
Additional digging uncovered references to Lightweight Events (LWE):
http://files.gpfsug.org/presentations/2016/SC16/04_Scott_Fadden_Spectrum_Scale_Update.pdf
Specifically, this references being able to use the policy engine to
detect things like file opens, reads, and writes.
Searching through the official GPFS documentation, I see references to
these events in the transparent cloud tiering section:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.2/com.ibm.spectrum.scale.v4r22.doc/bl1adm_define_cloud_storage_tier.htm
but, I don't see, or possibly have missed, the other section(s)
defining what other EVENT parameters I can use.
I'm curious to know more about these events, could anyone point me in
the right direction?
I'm wondering if I could use them to perform rudimentary auditing of
the file system (e.g. a default policy in place to log a message of
say user foo either wrote to and/or read from file bar).
Thanks,
-Eric
More information about the gpfsug-discuss
mailing list