I'm researching the file auditing capabilities possible with GPFS; I found this paper on the GPFS wiki:
https://www.ibm.com/developerworks/community/wikis/form/anonymous/api/wiki/fa32927c-e904-49cc-a4cc-870bcc8e307c/page/f0cc9b82-a133-41b4-83fe-3f560e95b35a/attachment/0ab62645-e0ab-4377-81e7-abd11879bb75/media/Spectrum_Scale_Varonis_Audit_Logging.pdf I haven't found anything else on the subject, however. While I like the idea of being able to do this logging on the protocol node level, I'm also interested in the possibility of auditing files from native GPFS mounts. Additional digging uncovered references to Lightweight Events (LWE): http://files.gpfsug.org/presentations/2016/SC16/04_Scott_Fadden_Spectrum_Scale_Update.pdf Specifically, this references being able to use the policy engine to detect things like file opens, reads, and writes. Searching through the official GPFS documentation, I see references to these events in the transparent cloud tiering section: https://www.ibm.com/support/knowledgecenter/en/STXKQY_4.2.2/com.ibm.spectrum.scale.v4r22.doc/bl1adm_define_cloud_storage_tier.htm but, I don't see, or possibly have missed, the other section(s) defining what other EVENT parameters I can use. I'm curious to know more about these events, could anyone point me in the right direction? I'm wondering if I could use them to perform rudimentary auditing of the file system (e.g. a default policy in place to log a message of say user foo either wrote to and/or read from file bar). Thanks, -Eric _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
