Enabling and configuring file audit logging using the installation toolkit
You can use the installation toolkit to enable and configure the file audit
logging function in the cluster definition file. After enabling
this function at the cluster level, you must enable it on file systems.
The file audit logging packages (gpfs.kafka and
gpfs.librdkafka) are installed on all supported nodes in the cluster specified
to the installation toolkit during the installation, even if file audit logging is not enabled in
the cluster configuration. In a cluster containing an ESS system wherein the setup type is ESS or ess
in the cluster definition file, the file audit logging packages are
installed on protocol nodes and client nodes. They are not installed on ESS EMS and I/O server
nodes. Based on the file audit logging configuration options specified in the cluster definition file using the installation toolkit, the function
is enabled and configured in the cluster accordingly during the deployment.
For information on required packages for file audit logging, see Requirements and limitations for file audit logging and Installation prerequisites.
Prerequisites for file audit logging include:
- If you have 3 or more protocol nodes defined in the
installation toolkit, those nodes are configured by the installation toolkit as broker nodes for the
message queue. If you do not have 3 protocol nodes, or if you want a subset of your protocol nodes
to become broker nodes, use the following command to specify a node as a broker
node.
./spectrumscale node add NodeName -b
Note: If the setup type is ESS or ess in the cluster definition file, the use of the -b flag is blocked. You must manually enable the message queue and the file audit logging function after the Kafka packages are installed on nodes other than the EMS and I/O server nodes in a cluster containing ESS. For more information, see Manually installing file audit logging.
- A file system must be specified in the cluster definition file before you can enable file audit logging.
You can configure the file audit logging related options in the cluster definition file by using the installation toolkit as follows.
By default, file audit logging is disabled in the cluster definition file.
- To enable file audit logging in the cluster definition file,
issue the following command before doing installation or deployment with the installation
toolkit:
./spectrumscale fileauditlogging enable
- To disable file audit logging in the cluster definition file, issue the following
command:
./spectrumscale fileauditlogging disable
- To list the file audit logging configuration in the cluster definition file, issue the following
command:
./spectrumscale fileauditlogging list
You can verify whether file audit logging is enabled in the cluster definition file by viewing the output of the ./spectrumscale node list command:
[ INFO ] List of nodes in current configuration:
[ INFO ] [Installer Node]
[ INFO ] 198.51.100.15
[ INFO ] Setup Type: SpectrumScale
[ INFO ]
[ INFO ] [Cluster Name]
[ INFO ] ESDev1
[ INFO ]
[ INFO ] [Protocols]
[ INFO ] Object : Disabled
[ INFO ] SMB : Enabled
[ INFO ] NFS : Enabled
[ INFO ]
[ INFO ] File Audit logging : Disabled
[ INFO ]
[ INFO ] GPFS Node Admin Quorum Manager NSD Server Protocol GUI Server OS Arch
[ INFO ] ESDev1-GPFS1 X X X X rhel7 x86_64
[ INFO ] ESDev1-GPFS2 X X rhel7 x86_64
[ INFO ] ESDev1-GPFS3 X X rhel7 x86_64
[ INFO ] ESDev1-GPFS4 X X X X rhel7 x86_64
[ INFO ] ESDev1-GPFS5 X X X X rhel7 x86_64
After enabling the file audit logging function in the cluster definition file, you must enable it on file systems on which
you want to enable file audit logging.
- To enable file audit logging on a file system in the cluster definition file, issue the following
command:
./spectrumscale filesystem modify --fileauditloggingenable FileSystemName
You can also specify the retention period and log fileset name with this command. For example, to specify a retention period of 180 days and to specify the log fileset name testlog, issue the following command:
./spectrumscale filesystem modify --fileauditloggingenable --retention 180 --logfileset testlog FileSystemName
- To enable file audit logging on
a file system in the cluster definition file without many
default performance enhancements, issue the following
command:
./spectrumscale filesystem modify --fileauditloggingenable FileSystemName --degradedperformance
Using the --degradedperformance option reduces the amount of local disk space (10 GB vs 20 GB) that is required per broker node per file system enabled for file audit logging.
To disable the --degradedperformance option in the cluster definition file, issue the following command:
./spectrumscale filesystem modify --fileauditloggingenable FileSystemName --degradedperformancedisable
- To disable file audit logging on a file system in the cluster definition file, issue the following
command:
./spectrumscale filesystem modify --fileauditloggingdisable FileSystemName
Note: These file audit logging configuration-related changes become effective after the deployment
procedure, initiated with ./spectrumscale deploy, is completed.
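A pre-deployment check for the verification step above, as an added example that is not part of the product documentation: it parses ./spectrumscale node list output in the format shown on this page and refuses to continue unless file audit logging is reported as enabled. The function names, the exit codes, and the reported values "Enabled" and "ESS"/"ess" are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: gate a deployment on the file audit logging status reported by
# `./spectrumscale node list`, in the output format shown on this page.

# Print the value of the first "[ INFO ] <key> : <value>" line read from stdin.
node_list_field() {
    awk -v key="$1" '
        { sub(/^\[ INFO \][ \t]*/, "") }
        index($0, key) == 1 {
            rest = substr($0, length(key) + 1)
            if (rest ~ /^[ \t]*:/) {
                sub(/^[ \t]*:[ \t]*/, "", rest)
                sub(/[ \t]+$/, "", rest)
                print rest
                exit
            }
        }'
}

# Exit status: 0 = enabled, 1 = disabled or not reported,
# 2 = ESS setup type, where the function has to be enabled manually.
# Assumptions: "Enabled" is the reported value when the function is on (the page
# shows only "Disabled"), and an ESS setup type is reported as "ESS" or "ess".
fal_predeploy_check() {
    listing=$(cat)
    setup=$(printf '%s\n' "$listing" | node_list_field "Setup Type")
    fal=$(printf '%s\n' "$listing" | node_list_field "File Audit logging")
    case "$setup" in
        ESS|ess)
            echo "setup type $setup: enable message queue and file audit logging manually" >&2
            return 2 ;;
    esac
    [ "$fal" = "Enabled" ] && return 0
    echo "file audit logging is '${fal:-not reported}' in the cluster definition" >&2
    return 1
}

# Constructed sample, abbreviated from the listing above with the status set to Enabled.
SAMPLE_ENABLED='[ INFO ] [Installer Node]
[ INFO ] 198.51.100.15
[ INFO ] Setup Type: SpectrumScale
[ INFO ] [Protocols]
[ INFO ] SMB : Enabled
[ INFO ] File Audit logging : Enabled'

# On an installer node: ./spectrumscale node list | fal_predeploy_check && ./spectrumscale deploy
if printf '%s\n' "$SAMPLE_ENABLED" | fal_predeploy_check; then
    echo "gate passed: file audit logging is enabled in the cluster definition"
fi
```

The check covers only the cluster-level setting; per-file-system enablement still has to be confirmed with ./spectrumscale fileauditlogging list.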