Hi John, Nice paper! Regarding object auditing: - Does Varonis have an API that could be used to tell it when object operations complete from normal object interface? If so, a middleware module could be used to send interesting events to Varonis (this is already done in openstack auditing using CADF) - With Varonis, can you monitor operations just on ".data" files? (these are the real objects) Can you also include file metadata values in the logging of these operations? If so, the object url could be pulled whenever a .data file is created, renamed (delete), or read
Thanks, Bill Owen [email protected] Spectrum Scale Object Storage 520-799-4829 From: John T Olson/Tucson/IBM@IBMUS To: gpfsug main discussion list <[email protected]> Date: 12/09/2016 07:33 AM Subject: Re: [gpfsug-discuss] Auditing of SMB file access Sent by: [email protected] Richard, I recently published a white paper in the Spectrum Scale wiki in developerworks about using Varonis with Spectrum Scale for auditing. This paper includes what type of file events are recognizable with the proposed setup. Here is link to the paper: https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/fa32927c-e904-49cc-a4cc-870bcc8e307c/page/f0cc9b82-a133-41b4-83fe-3f560e95b35a/attachment/0ab62645-e0ab-4377-81e7-abd11879bb75/media/Spectrum_Scale_Varonis_Audit_Logging.pdf Note that you have to register with developerworks, but it is a free registration. Thanks, John John T. Olson, Ph.D., MI.C., K.EY. Master Inventor, Software Defined Storage 957/9032-1 Tucson, AZ, 85744 (520) 799-5185, tie 321-5185 (FAX: 520-799-4237) Email: [email protected] "Do or do not. There is no try." - Yoda Olson's Razor: Any situation that we, as humans, can encounter in life can be modeled by either an episode of The Simpsons or Seinfeld. Inactive hide details for Aaron Knister ---12/09/2016 06:21:40 AM---Hi Richard, Does this help?Aaron Knister ---12/09/2016 06:21:40 AM---Hi Richard, Does this help? From: Aaron Knister <[email protected]> To: gpfsug main discussion list <[email protected]> Date: 12/09/2016 06:21 AM Subject: Re: [gpfsug-discuss] Auditing of SMB file access Sent by: [email protected] Hi Richard, Does this help? https://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/amp I've not used CES so I don't know at what level it manages the samba configuration file or how easily these changes could be integrated in light of that. Sent from my iPhone On Dec 9, 2016, at 6:52 AM, Sobey, Richard A <[email protected]> wrote: Hi all, Is there any auditing we can enable to track changes and accesses to files/folders on GPFS (via SMB/CES if that matters). Cheers Richard _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
