[gpfsug-discuss] Request for folks using encryption on SKLM, run a word count

Thu Sep 10 16:55:46 BST 2020

We run sklm for tape encryption for spectrum archive – no encryption in gpfs filesystem on disk pools.
We see no grep hits for “not trust” in our last few sklm_audit.log files.

Best,
Chris

From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of "Wahl, Edward" <ewahl at osc.edu>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Tuesday, September 8, 2020 at 7:10 PM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Request for folks using encryption on SKLM, run a word count

 Ran into something a good while back and I'm curious how many others this affects.   If folks with encryption enabled could run a quick word count on their SKLM server and reply with a rough count I'd appreciate it.
I've gone round and round with IBM SKLM support over the last year on this and it just has me wondering.  This is one of those "morbidly curious about making the sausage" things.

Looking to see if this is a normal error message folks are seeing.  Just find your daily, rotating audit log and search it.  I'll trust most folks to figure this out, but let me know if you need help.
Normal location is /opt/IBM/WebSphere/AppServer/products/sklm/logs/audit  If you are on a normal linux box try something like:  "locate sklm_audit.log |head -1 |xargs -i grep "Server does not trust the client certificate" {} |wc "  or whatever works for you.   If your audit log is fairly fresh, you might want to check the previous one.   I do NOT need exact information, just 'yeah we get 12million out a 500MB file' or ' we get zero', or something like that.

 Mostly I'm curious if folks get zero, or a large number.  I've got my logs adjusted to 500MB and I get 8 digit numbers out of the previous log.   Yet things work perfectly.    I've talked to two other SS sites I know the admins personally, and they get larger numbers than I do. But it's such a tiny sample size! LOL

Ed Wahl
Ohio Supercomputer Center

Apologies for the message formatting issues.  Outlook fought tooth and nail against sending it with the path as is, and kept breaking my paragraphs.
________________________________
This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20200910/aafe8398/attachment-0002.htm>