PowerScale Recommended Audit Event Configuration
Overview
This section lists the recommended audit events to configure for Easy Auditor. They provide the best balance between security coverage and load on the cluster.
OneFS 8.2 >
- Audit Success:
- close_file_modified, create_directory, create_file, delete_directory, delete_file, get_security_directory, get_security_file, logoff, logon, open_file_noaccess, open_file_read, open_file_write, read_file, rename_directory, rename_file, set_security_directory, set_security_file, write_file
OneFS < 8.2
- Audit Success:
- close | create | delete | get_security | logoff | logon | read | rename | set_security | write
Optimizing the Events that are saved to the Database
NOTE: To save database space and reduce processing of low-value event types, an advanced ECA variable controls which event types are saved to the database.
- nano /opt/superna/eca/eca-env-common.conf
- Add this line and enter the event names in upper case, separated by commas. Contact support to get safe values to add to this bypass optimization setting.
- export BYPASSED_EVTARCHIVE_EVENT_TYPES=FILE_CLOSE,CLOSE_FILE_UNMODIFIED,CLOSE_FILE_MODIFIED
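A format check for the bypass line described above, as an added example that is not Superna's code: it confirms the value is a list of upper-case names separated by commas with no whitespace or repeats. It assumes the conf file is sourced by a POSIX shell, where an unquoted space ends the value; the function name `check_bypass_line` and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the BYPASSED_EVTARCHIVE_EVENT_TYPES line in a copy of
# eca-env-common.conf. Assumption: the file is sourced by a POSIX shell, so an
# unquoted space ends the value and later names are not part of it.

# check_bypass_line FILE: returns 0 = well formed, 1 = malformed, 2 = not set
check_bypass_line() {
    conf=$1
    var=BYPASSED_EVTARCHIVE_EVENT_TYPES
    # When a file is sourced top to bottom, the last assignment wins.
    line=$(grep -E "^[[:space:]]*export[[:space:]]+$var=" "$conf" | tail -n 1)
    if [ -z "$line" ]; then
        echo "not set: $var"
        return 2
    fi
    value=${line#*=}
    # Accept one pair of surrounding double quotes.
    case $value in
        \"*\") value=${value#\"}; value=${value%\"} ;;
    esac
    # Upper-case names, single commas, no whitespace, no trailing comma or CR.
    if ! printf '%s\n' "$value" | grep -Eq '^[A-Z][A-Z0-9_]*(,[A-Z][A-Z0-9_]*)*$'; then
        echo "malformed: '$value' (need NAME,NAME,... in upper case, no spaces)"
        return 1
    fi
    # A name listed twice usually means a copy/paste slip in the edit.
    dups=$(printf '%s\n' "$value" | tr ',' '\n' | sort | uniq -d | tr '\n' ' ')
    if [ -n "$dups" ]; then
        echo "malformed: repeated event type(s): $dups"
        return 1
    fi
    count=$(printf '%s\n' "$value" | tr ',' '\n' | wc -l | tr -d ' ')
    echo "ok: $count event type(s) bypassed"
    return 0
}

# Constructed sample files (not taken from a real cluster).
sample=$(mktemp)
printf 'export BYPASSED_EVTARCHIVE_EVENT_TYPES=FILE_CLOSE,CLOSE_FILE_UNMODIFIED\n' > "$sample"
check_bypass_line "$sample" || true      # well formed
printf 'export BYPASSED_EVTARCHIVE_EVENT_TYPES=FILE_CLOSE, CLOSE_FILE_UNMODIFIED\n' > "$sample"
check_bypass_line "$sample" || true      # space after the comma
rm -f "$sample"
```

Run it against a copy of the file after each edit; a non-zero return means the saved value is not the list that was intended.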