- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: audit question
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-02-2009 12:05 PM
тАО03-02-2009 12:05 PM
audit question
FILE access:
Failure: read,write,execute,delete,control
SYSPRV: read,write,execute,delete,control
BYPASS: read,write,execute,delete,control
READALL: read,write,execute,delete,control
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-02-2009 12:30 PM
тАО03-02-2009 12:30 PM
Re: audit question
This looks like an extract from a SHOW AUDIT command. It could be from "alarms currently enabled" or "audits currently enabled". It shows that auditing will alarm or audit file access events for access failures, and privileged access using SYSPRV, BYPASS or READALL.
Now, what's the real question?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-02-2009 12:37 PM
тАО03-02-2009 12:37 PM
Re: audit question
For that output, that output from the SHOW AUDIT command means that the specified types of file access failures, and failures with the specified privileges, will generate either audits or alarms; as the output was truncated, I can't tell if that's for audits or alarms.
Please take the time to read the manual; it'll save you time, and it'll provide you with insight into how OpenVMS security is structured and operates, and pointers to the available options and commands.
The OpenVMS operating system manuals are available here:
http://www.hp.com/go/openvms/doc/
When you get into audits and alarms and privileges and ACLs (oh, my!), reading through the security manual is necessary but might not be sufficient. Grokking ACLs, for instance, is fundamental to understanding the read, write, execute, delete and control operations, for instance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 10:49 AM
тАО03-06-2009 10:49 AM
Re: audit question
how much IO benifit I can gain by disabling this file access audit on BYPASs ? how can i do some bench mark testing ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 12:28 PM
тАО03-06-2009 12:28 PM
Re: audit question
If not then use T4 or your choice of performance data collector and analyser and measure what's going on.
Is there a performance issue with this system, (particularly the disk on which the audit log is held) which has lead you to look at this?
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 12:56 PM
тАО03-06-2009 12:56 PM
Re: audit question
so I was logically thinking that if we are auditing every successfull access to all the files this must be a heavy write operation to audit file right or not?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 02:41 PM
тАО03-06-2009 02:41 PM
Re: audit question
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 03:02 PM
тАО03-06-2009 03:02 PM
Re: audit question
Actually, I am not sure that the supposition that auditing is involved in the high IO rate is warranted (it is certainly not proven).
As an example, what is the batch job [BATCH_794] doing? Also, there is a fair amount of page faulting.
How this fits into the overall performance picture is an excellent question. This snapshot may be representative, then again, it may not.
The access checks are done when the file is opened, not on every operation. Perhaps, a thorough review of system performance is in order [disclosure: we provide such services, as do Hoff and several other regular contributors].
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-06-2009 09:01 PM
тАО03-06-2009 09:01 PM
Re: audit question
Only on OPENS, not on simple writes
>> how much IO benifit I can gain by disabling this file access audit on BYPASs ?
Benefit by what measurement standard?
You seem to imply you want the benefit to be less IO. Do you have a reason to believe there is measureable, quantifiable, IO?
>> how can i do some bench mark testing ?
Try with, try without under similar load, over a similar time period and compare?!
>> we see heavy disk IO if we use monitor system. see attachement
I saw the attachement it show a good few DIRECT IOS in total.
So, that's great no? That's supposedly why they bought the system!
And what makes you believe that auditing is an intersting component in that picture?
Hot-file tool?
I see an busy Oracle task, so i would guess that most IOs are going to oracle file. I would want to confirm that by asking Oracle what it is doing (STATS_PACK, AWR,...)
What problem are you really trying to solve?
Best regards,
Hein van den Heuvel ( at gmail dot com )
HvdH Performance Consulting
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-09-2009 08:28 AM
тАО03-09-2009 08:28 AM
Re: audit question
I think our systems are doing excessive IO and i am trying to investigate that.
regards