Enabling and configuring file audit logging using the installation toolkit
You can use the installation toolkit to enable and configure the file audit logging function in the cluster definition file. After enabling this function at the cluster level, you must enable it on file systems.
Based on the file audit logging configuration options specified in the cluster definition file using the installation toolkit, the function is enabled and configured in the cluster accordingly during the deployment.
For information on required packages for file audit logging, see Requirements and limitations for file audit logging and Installation prerequisites.
Prerequisites for file audit logging include:
- A minimum of three nodes are required to enable file audit logging. If you have fewer than three
protocol nodes, or you want to specify a different set of nodes to use for file audit logging that
are not protocol nodes, you must perform the following step after the installation completes but
before initiating the deployment procedure.
Important: This step appears differently in the installation toolkit. Disregard that version and perform the following step instead:
mmmsgqueue enable -N NodeList
If you have three or more protocol nodes, this step is not required.
- A file system must be specified in the cluster definition file before you can enable file audit logging.
You can configure the file audit logging related options in the cluster definition file by using the installation toolkit as follows.
By default, file audit logging is disabled in the cluster definition file.
- To enable file audit logging in the cluster definition file, issue the following command before doing installation or deployment with the installation toolkit:
./spectrumscale fileauditlogging enable
After enabling, file audit logging packages (gpfs.kafka and gpfs.librdkafka) are installed on all nodes in the cluster specified to the installation toolkit during the installation.
- To disable file audit logging in the cluster definition file, issue the following
command:
./spectrumscale fileauditlogging disable
- To list the file audit logging configuration in the cluster definition file, issue the following
command:
./spectrumscale fileauditlogging list
You can verify whether file audit logging is enabled in the cluster definition file by viewing the output of the ./spectrumscale node list command:
[ INFO ] List of nodes in current configuration:
[ INFO ] [Installer Node]
[ INFO ] 198.51.100.15
[ INFO ] Setup Type: SpectrumScale
[ INFO ]
[ INFO ] [Cluster Name]
[ INFO ] ESDev1
[ INFO ]
[ INFO ] [Protocols]
[ INFO ] Object : Disabled
[ INFO ] SMB : Enabled
[ INFO ] NFS : Enabled
[ INFO ]
[ INFO ] File Audit logging : Disabled
[ INFO ]
[ INFO ] GPFS Node Admin Quorum Manager NSD Server Protocol GUI Server OS Arch
[ INFO ] ESDev1-GPFS1 X X X X rhel7 x86_64
[ INFO ] ESDev1-GPFS2 X X rhel7 x86_64
[ INFO ] ESDev1-GPFS3 X X rhel7 x86_64
[ INFO ] ESDev1-GPFS4 X X X X rhel7 x86_64
[ INFO ] ESDev1-GPFS5 X X X X rhel7 x86_64
After enabling the file audit logging function in the cluster definition file, you must enable it on the file systems on which you want to use file audit logging.
- To enable file audit logging on a file system in the cluster definition file, issue the following command:
./spectrumscale filesystem modify --fileauditloggingenable FileSystemName
You can also specify the retention period and log fileset name with this command. For example, to specify a retention period of 180 days and to specify the log fileset name testlog, issue the following command:
./spectrumscale filesystem modify --fileauditloggingenable --retention 180 --logfileset testlog FileSystemName
- To disable file audit logging on a file system in the cluster definition file, issue the following
command:
./spectrumscale filesystem modify --fileauditloggingdisable FileSystemName
Note: These file audit logging configuration-related changes become effective after the deployment
procedure, initiated with ./spectrumscale deploy, is completed.
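The following script is an added example, not part of the installation toolkit or of this topic's original text. It prints the toolkit commands described above in order and checks the File Audit logging line of ./spectrumscale node list output before deployment; the function names, the TOOLKIT variable, and the file system name fs1 are assumptions.

```shell
#!/bin/sh
# Added example: build and gate the file audit logging steps from this topic.
# TOOLKIT is an assumed path to the installation toolkit; override as needed.
TOOLKIT="${TOOLKIT:-./spectrumscale}"

# fal_state: read `./spectrumscale node list` output on stdin and print the
# value of its "File Audit logging" line, or "Unknown" if the line is absent.
fal_state() {
    state=$(sed -n 's/^\[ INFO ][[:space:]]*File Audit logging[[:space:]]*:[[:space:]]*\([A-Za-z]*\).*$/\1/p' | head -n 1)
    printf '%s\n' "${state:-Unknown}"
}

# fal_gate: succeed only when the node list output on stdin reports Enabled,
# so a deploy wrapper can stop before ./spectrumscale deploy if auditing is off.
fal_gate() {
    [ "$(fal_state)" = "Enabled" ]
}

# fal_plan RETENTION_DAYS LOGFILESET FS...: print, without running them, the
# toolkit commands in the order this topic gives. Arguments are validated
# before any command is printed.
fal_plan() {
    retention=$1; logfileset=$2
    [ "$#" -ge 3 ] || { echo "usage: fal_plan DAYS LOGFILESET FS..." >&2; return 2; }
    shift 2
    case $retention in
        ''|*[!0-9]*) echo "retention must be a whole number of days" >&2; return 2 ;;
    esac
    printf '%s fileauditlogging enable\n' "$TOOLKIT"
    for fs in "$@"; do
        printf '%s filesystem modify --fileauditloggingenable --retention %s --logfileset %s %s\n' \
            "$TOOLKIT" "$retention" "$logfileset" "$fs"
    done
    printf '%s fileauditlogging list\n' "$TOOLKIT"
}

# Constructed sample, trimmed from the node list output shown in this topic.
SAMPLE_DISABLED='[ INFO ] [Cluster Name]
[ INFO ] ESDev1
[ INFO ] File Audit logging : Disabled'

# Demo: fs1 is a constructed file system name.
fal_plan 180 testlog fs1
printf '%s\n' "$SAMPLE_DISABLED" | fal_gate || echo "File audit logging is not enabled in the cluster definition"
```

In a real run, pipe the live output into the gate, for example ./spectrumscale node list | fal_gate, and start the deployment only when it succeeds.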