Management Auditing

Server and Cluster Administration Guide for Hitachi NAS Platform

The NAS server supports auditing of administrative and management operations by reporting configuration changes in real time to a local file on the cluster node and, if configured, to an external syslog server. Events are described using the Common Event Format (CEF). This enables Administrators to recognize and track management operations that can impact the security of customer data on the server, and to take remedial action more quickly.

Note: The audit log data is not replicated across nodes. Each cluster node records audit events for operations which were performed on that cluster node. General administration operations are audited where the admin EVS is located, while service EVS-specific operations are audited on the node where the service EVS is located. If the Administrator configures an external syslog server, all cluster nodes also send their audit events to that server.
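
For the collector side of the external syslog server described above, the following added example (not part of the Hitachi guide) parses CEF events and reports cluster nodes from which no parseable audit event arrived, which matters because each node sends only its own events. The sample lines, vendor and product strings, event IDs, node names and the syslog prefix layout are constructed assumptions, not the NAS server's actual output.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
# Extension pairs: a value runs until the next " key=" or the end of the line.
_EXT = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def _unescape(value):
    # CEF extension escapes: \\, \= and \n (newline).
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)

def parse_cef(line):
    """Parse one syslog line carrying a CEF event; raise ValueError if malformed."""
    prefix, sep, body = line.partition("CEF:")
    if not sep:
        raise ValueError("no CEF payload")
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        if body[i] == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])      # escaped '\' or '|' inside a header field
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, fields))
    # Assumption: the sending node's name is the last token before "CEF:".
    event["host"] = prefix.split()[-1] if prefix.split() else None
    event["ext"] = {k: _unescape(v) for k, v in _EXT.findall(body[i:])}
    return event

def silent_nodes(lines, expected_nodes):
    """Return expected cluster nodes from which no parseable audit event arrived."""
    seen = set()
    for line in lines:
        try:
            seen.add(parse_cef(line)["host"])
        except ValueError:
            continue                     # non-CEF or truncated line
    return set(expected_nodes) - seen

# Constructed sample lines (not real NAS output); vendor, product and IDs are placeholders.
SAMPLE = [
    r"<134>Jan 12 09:14:02 nas-node1 CEF:0|ExampleVendor|ExampleNAS|1.0|100|Audit log server removed|7|suser=admin msg=syslog target deleted src=192.0.2.10",
    r"<134>Jan 12 09:15:40 nas-node1 CEF:0|ExampleVendor|ExampleNAS|1.0|200|Export modified \| access widened|5|suser=admin msg=path\=/fs1 now rw for all",
    r"<134>Jan 12 09:16:00 nas-node2 CEF:0|ExampleVendor|truncated",
]
```

A node returned by `silent_nodes` is a candidate for checking with `audit-mgmt-log-server-connections` on that node.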

The server records the following types of operations:

  • Activity masking - Commands which disable logging, auditing or alerts.
  • Vulnerability creation - Commands which modify security or allow security to be bypassed for Administrators or protocol clients.
  • Data compromising - Commands which copy or display customer and other data from the server.
  • Retention compliance - Commands which destroy customer data.
  • Operational - Operations that impact the availability or performance of the server.

The following commands are available for the configuration of management auditing:

  • audit-mgmt-log - displays the content of the management audit log on the present cluster node.
  • audit-mgmt-log-server-add - configures the NAS server to send management audit events to an external syslog server.
  • audit-mgmt-log-server-connections - displays the connection status (on the present cluster node) for currently configured syslog servers to which the NAS server sends management audit events.
  • audit-mgmt-log-server-delete - removes a previously configured syslog server from the list of servers to which the NAS server sends management audit events.
  • audit-mgmt-log-server-list - displays the currently configured syslog servers to which the NAS server sends management audit events.
  • audit-mgmt-log-stats - displays or resets statistics about entries written to the management audit log on a single cluster node.

For more information, see the man pages.