3.9.4.5. Security Audit
HPSS provides the ability to record information about authentication, file cre ation, deletion, access,
and authorization events. The security audit policy in each HPSS server determines what audit
records a server will generate. In general, all servers can create authentication e vents, but only the
Core Server will generate file events. The security audit records are sent t o the log file and are
recorded as security type log messages.
3.9.5. Logging Policy
The logging policy provides the capability to control which message types are written to the HPSS
log files. In addition, the logging policy is used to control whether alarms, events, and status
messages are sent to the Storage System Manager to be displayed. Logging policy is set on a per
server basis. Refer to Section 9.2.1: Creating a Log Policy of the HPSS Management Gui de for a
description of the supported message types.
If a logging policy is not explicitly defined for a server, the default log policy will be applied. The
default log policy is selected from the Global Configuration window. If no Default Log Policy entry
has been defined, only Alarm and Event messages will be logged. All Alarm, Event, and Status
messages generated by the server will also be sent to the Storage System Manager.
The administrator might consider changing a server’s logging policy under one of the following
circumstances:
A particular server is generating excessive messages. Under this circumstance, the administrator
could use the logging policy to limit the message types being logged and/or sent to the Storage
System Manager. This will improve performance and potentially eliminate clutter from the HPSS
Alarms and Events window. Message types to disable first would be Trace messages followed by
Debug and Request messages.
One or more servers are experiencing problems which require additional information to
troubleshoot. If Alarm, Debug, or Request message types were previously disabled, enabling these
message types will provide additional information to help diagnose the problem. HPSS support
personnel might also request that Trace messages be enabled for logging.
3.9.6. Location Policy
In past versions of HPSS, the location policy was used to provide the ability to control how oft en
Location Servers in an HPSS installation contacted other servers. The locatio n policy was used to
determine how often remote Location Servers were contacted to exchange server location
information.
This location policy information is still read by the Location Server, but, in the 6.2 version of HPSS it
has no practical value. It will probably be removed in future versions of HPSS.
3.9.7. Gatekeeping
The Gatekeeping Service provides a mechanism for HPSS to communicate information through a
well-defined interface to a installation specific customized software poli cy module. The policy
module is placed in a shared library, /opt/hpss/lib/libgksite.[a|so], which i s linked into the
Gatekeeper. The default policy module does no gatekeeping. If Gatekeeping services are desired in an
HPSS installation, this default policy module must be replaced with one that implements the desired
policy.
The locally implemented policy module determines which types of requests will be monitored
(authorized caller, create, open, and stage). Upon initialization, each Core Ser ver looks for a
HPSS Installation Guide July 2008
Release 6.2 (Revision 2.0) 99