Re: [gpfsug-discuss] Re Auditing

Mon, 31 Jul 2017 11:06:08 -0700 

Brilliant.  Thanks Bob.

From: Oesterlin, Robert [mailto:[email protected]]
Sent: Monday, July 31, 2017 1:03 PM
To: gpfsug main discussion list <[email protected]>
Subject: [gpfsug-discuss] Re Auditing

We run a policy that looks like this:

-- cut here --
      define(daysToEpoch, days(timestamp('1970-01-01 00:00:00.0')))
      define(unixTS,
               char(int(
                 (( days(\$1) - daysToEpoch ) * 86400) +
                 (  hour(\$1) * 3600) +
                 (minute(\$1) * 60) +
                 (second(\$1))
               ))
            )

      rule 'dumpall' list '"$filesystem"' DIRECTORIES_PLUS
      SHOW(                                      '|' ||
            varchar(user_id)                  || '|' ||
            varchar(group_id)                 || '|' ||
            char(mode)                        || '|' ||
            varchar(file_size)                || '|' ||
            varchar(kb_allocated)             || '|' ||
            varchar(nlink)                    || '|' ||
            unixTS(access_time,19)            || '|' ||
            unixTS(modification_time)         || '|' ||
            unixTS(creation_time)             || '|' ||
            char(misc_attributes,1)           || '|'
          )
-- cut here --


Bob Oesterlin
Sr Principal Storage Engineer, Nuance



From: 
<[email protected]<mailto:[email protected]>>
 on behalf of Mark Bush 
<[email protected]<mailto:[email protected]>>
Reply-To: gpfsug main discussion list 
<[email protected]<mailto:[email protected]>>
Date: Monday, July 31, 2017 at 12:31 PM
To: "[email protected]<mailto:[email protected]>" 
<[email protected]<mailto:[email protected]>>
Subject: [EXTERNAL] [gpfsug-discuss] Auditing

Does someone already have a policy that can extract typical file audit items 
(user_id, last written, opened/accessed, modified, deleted, etc)?  Am I barking 
up the wrong tree for this is there a better way to get this type of data from 
a Spectrum Scale filesystem?


This message (including any attachments) is intended only for the use of the 
individual or entity to which it is addressed and may contain information that 
is non-public, proprietary, privileged, confidential, and exempt from 
disclosure under applicable law. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, distribution, or copying of this 
communication is strictly prohibited. This message may be viewed by parties at 
Sirius Computer Solutions other than those named in the message header. This 
message does not contain an official representation of Sirius Computer 
Solutions. If you have received this communication in error, notify Sirius 
Computer Solutions immediately and (i) destroy this message if a facsimile or 
(ii) delete this message immediately if this is an electronic communication. 
Thank you.

Sirius Computer Solutions<http://www.siriuscom.com>

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss

Reply via email to