[8759] in Info-AFS_Redistribution
RE: Logging of admin operations
daemon@ATHENA.MIT.EDU (Neulinger, Nathan)
Tue Jun 26 13:06:06 2001
Message-ID: <F349BC4F5799D411ACE100D0B706B3BB768EB8@umr-mail03.cc.umr.edu>
From: "Neulinger, Nathan" <nneul@umr.edu>
To: "'Peter Scott'" <Peter.J.Scott@jpl.nasa.gov>, info-afs@transarc.com
Date: Tue, 26 Jun 2001 11:58:22 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="ISO-8859-1"
It'd be ugly, but you could put tethereal on your servers, set to capture on
all but the fileserver ports, and just watch the output (or process with
perl/etc) - it has support for almost all of the server calls.
But yeah, the best way by far would be to submit an enhancement to openafs.
-- Nathan
> -----Original Message-----
> From: Peter Scott [mailto:Peter.J.Scott@jpl.nasa.gov]
> Sent: Tuesday, June 26, 2001 11:47 AM
> To: info-afs@transarc.com
> Subject: Logging of admin operations
>
>
> It's vexing, if not impossible, to try and track down how
> some unexpected
> filesystem change came about: why is this PTS group gone, who
> removed this
> volume, etc. We would like to have logging of all commands
> requiring admin
> tokens if not all fs/vos/pts/kas.
>
> Yes, we could wrap them all, although that's no guarantee,
> and it doesn't
> help with third-party applications that are linked into the
> appropriate
> APIs. The right place to do this is on the server.
>
> I reckon the answer is, "Go ahead and hack that into OpenAFS
> if you want
> it," but does anyone have anything else to add?
> --
> Peter Scott
> Peter.J.Scott@jpl.nasa.gov
>
