[OpenAFS] Re: Recommendations/suggestions/utilities for auditing AFS logs
Andrew Deason
adeason@sinenomine.net
Sat, 24 May 2014 00:00:33 -0500
On Thu, 22 May 2014 14:44:32 -0400 (EDT)
"Thomas M. Payerle" <payerle@umd.edu> wrote:
> I am looking for any suggestions, recommendations, utilities, etc.
> anyone is willing to share re auditing AFS fileserver logs for changes
> to files, ACLs, etc.
>
> I recall a talk by Kim Kimball at the 2010 AFS workshop
> (http://workshop.openafs.org/afsbpw10/wed_2_1.html) regarding an
> utility called voldetails. Is that still available, and if so from
> where? Anyone using it and any comments on it?
If I recall correctly, the 'voldetails' tool was just the part that
converted FIDs to file paths. You can do the same thing with a tool
called 'volscan', which is part of openafs. That is not included in any
1.6 release yet, but you can build it from 'master' and just run the
binary against /vicepX partitions of existing openafs versions.
Or just use a 1.6 version of the patch for volscan. I assume Mike Meffie
has one somewhere.
That just helps with converting FIDs to files, though, which is just one
part of monitoring changes. I'm not aware of anyone that's shared a full
tool for capturing audit log data for tracking changes or compliance
purposes, etc.
--
Andrew Deason
adeason@sinenomine.net