3.9.4.5. Security Audit

HPSS provides the ability to record information about authentication, file creation, deletion, access, and authorization events. The security audit policy in each HPSS server determines what audit records a server will generate. In general, all servers can create authentication events, but only the Core Server will generate file events. The security audit records are sent to the log file and are recorded as security type log messages.

3.9.5. Logging Policy

The logging policy provides the capability to control which message types are written to the HPSS log files. In addition, the logging policy is used to control whether alarms, events, and status messages are sent to the Storage System Manager to be displayed. Logging policy is set on a per-server basis. Refer to Section 9.2.1: Creating a Log Policy of the HPSS Management Guide for a description of the supported message types.

If a logging policy is not explicitly defined for a server, the default log policy will be applied. The default log policy is selected from the Global Configuration window. If no Default Log Policy entry has been defined, only Alarm and Event messages will be logged. All Alarm, Event, and Status messages generated by the server will also be sent to the Storage System Manager.

The administrator might consider changing a server’s logging policy under one of the following circumstances:

A particular server is generating excessive messages. Under this circumstance, the administrator could use the logging policy to limit the message types being logged and/or sent to the Storage System Manager. This will improve performance and potentially eliminate clutter from the HPSS Alarms and Events window. Message types to disable first would be Trace messages followed by Debug and Request messages.

One or more servers are experiencing problems which require additional information to troubleshoot. If Alarm, Debug, or Request message types were previously disabled, enabling these message types will provide additional information to help diagnose the problem. HPSS support personnel might also request that Trace messages be enabled for logging.

3.9.6. Location Policy

In past versions of HPSS, the location policy was used to provide the ability to control how often Location Servers in an HPSS installation contacted other servers. The location policy was used to determine how often remote Location Servers were contacted to exchange server location information.

This location policy information is still read by the Location Server, but in the 6.2 version of HPSS it has no practical value. It will probably be removed in future versions of HPSS.

3.9.7. Gatekeeping

The Gatekeeping Service provides a mechanism for HPSS to communicate information through a well-defined interface to an installation-specific, customized software policy module. The policy module is placed in a shared library, /opt/hpss/lib/libgksite.[aso], which is linked into the Gatekeeper. The default policy module does no gatekeeping. If Gatekeeping services are desired in an HPSS installation, this default policy module must be replaced with one that implements the desired policy.

The locally implemented policy module determines which types of requests will be monitored (authorized caller, create, open, and stage). Upon initialization, each Core Server looks for a

HPSS Installation Guide

July 2008

Release 6.2 (Revision 2.0)

99
