ADSM-L

How do you audit administrator actions?

2004-08-05 00:22:58
Subject: How do you audit administrator actions?
From: Steve Harris <Steve_Harris AT HEALTH.QLD.GOV DOT AU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 5 Aug 2004 14:22:07 +1000
Hi All,

Suppose you were an IS manager and were concerned to detect whenever 
administrators under your control changed things in TSM without filing 
appropriate change management documentation and seeking approval beforehand.  
How would you approach this?

I can think of two possibilities -

1. Unload using SQL to CSV files all of the relevant database tables daily, 
eliminating those fields that change without administrator action, and run a 
diff process between yesterday's and today's files to detect changes.

This has the advantage of completeness, but only compares snapshots, so it only 
captures the last change on a given day, and may not detect an implementation 
and backout.  It is also dependent on database structure, which will change 
unpredictably between versions.

2. Postprocessing the actlog.  

This has the issues of separating scheduled commands from live commands, spurii 
from syntax errors and filtering of delete/define/update commands from purely 
query commands.

I'm half inclined to do both in some sort of scripting language  - Ruby is my 
current flavour of the month, but Perl will do just as well.

What do the rest of you do?


Steve 

Steve Harris
AIX and TSM Admin

Queensland Health, Brisbane Australia
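
A sketch of the snapshot comparison described as possibility 1, added here as an example and not part of the original post. The table layout, column names and sample rows are constructed for illustration; a real export would substitute its own key column and list of volatile fields.

```ruby
require "csv"

# Columns that change without administrator action (constructed names).
VOLATILE = %w[LASTACC_TIME LAST_COMM_TIME].freeze

# Parse one day's CSV export into { key => row-hash }, dropping volatile fields.
def load_snapshot(csv_text, key:, ignore: VOLATILE)
  CSV.parse(csv_text, headers: true).each_with_object({}) do |row, snap|
    fields = row.to_h.reject { |col, _| ignore.include?(col) }
    snap[fields.fetch(key)] = fields
  end
end

# Compare two snapshots; returns added, removed and updated records in that order.
def diff_snapshots(prev, cur)
  changes = []
  (cur.keys - prev.keys).sort.each { |k| changes << { key: k, change: :added } }
  (prev.keys - cur.keys).sort.each { |k| changes << { key: k, change: :removed } }
  (prev.keys & cur.keys).sort.each do |k|
    cols = prev[k].keys | cur[k].keys
    delta = cols.select { |c| prev[k][c] != cur[k][c] }
                .to_h { |c| [c, [prev[k][c], cur[k][c]]] }
    changes << { key: k, change: :updated, fields: delta } unless delta.empty?
  end
  changes
end

# Constructed sample exports of one table on two consecutive days.
YESTERDAY = <<~CSV
  NODE_NAME,DOMAIN_NAME,LASTACC_TIME,PASSEXP
  ALPHA,STANDARD,2004-08-04 02:00:11,90
  BRAVO,STANDARD,2004-08-04 02:10:45,90
  CHARLIE,ARCHIVE,2004-08-04 02:30:02,90
CSV

TODAY = <<~CSV
  NODE_NAME,DOMAIN_NAME,LASTACC_TIME,PASSEXP
  ALPHA,STANDARD,2004-08-05 02:00:09,90
  BRAVO,ARCHIVE,2004-08-05 02:11:30,0
  DELTA,STANDARD,2004-08-05 03:00:00,90
CSV

if __FILE__ == $PROGRAM_NAME
  prev = load_snapshot(YESTERDAY, key: "NODE_NAME")
  cur = load_snapshot(TODAY, key: "NODE_NAME")
  diff_snapshots(prev, cur).each { |c| puts c.inspect }
end
```

ALPHA produces no record because only its volatile timestamp moved. A row changed and restored between two exports would likewise produce none, which is the snapshot limitation the post points out.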