HP StorageWorks XP Audit Log reference guide for the XP12000/XP10000 and SVS 200 (5697-7157, November 2007)

ManualsBrandsHP ManualsSoftwareHP Remote Web Console XP

Table Of Contents

XP Audit Log reference guide
Table of Contents
About this guide
- Intended audience
- Prerequisites
- Related documentation
- Document conventions and symbols
- HP technical support
- Subscription service
- HP websites
- Documentation feedback
1 Introduction
- Introduction to audit log
  - Increasing data security
  - Providing an audit trail for regulatory compliance
- Introduction to the syslog server
- Purpose of audit logs
- Downloading the audit log file
  - Using the Audit button
  - Using the Syslog tab
- Transferring the audit log information file to the FTP server
- Transferring the audit log file to syslog servers
- Description of the audit log file
- Audit log file output
2 Audit log file format
- Login audit log file component
- Settings audit log file component
- Syslog information file component
  - Syslog information file monitoring threshold
3 Audit log functions, operations, and products
- Audit Log functions and operations
- Sample audit logs
- Acronyms in examples
4 Audit Log function
- Create File
- Over MaxLine event
- Over Threshold event
- Set FTP Server operation
- Set Syslog Server operation
- SIM Complete operation
5 Account function
- Set User Account operation
6 BASE function
- ChangeMode operation
- Set System Info operation
7 Cache function
- DCR Prestaging operation
- Delete M/F DCR operation
- Delete Open DCR operation
- Set M/F DCR operation
- Set Open DCR operation
8 CFL function
- LUNM operation
9 CPAV function
- Add Alias operation
- Delete Alias operation
10 Flex Copy XP function
- Delete Pair operation
- Pair Create operation
11 LUN Security XP Extension function
- Attribute operation
- Expiration Lock operation
- Release All Extents operation
- Retention-Term operation
- VMA operation
12 ENAS function
- Boot Management operation
- Set Cache Color operation
13 Information function
- Delete Log operation
- ORM Value operation
- SIM Complete operation
- SIM Reporting Option operation
- Threshold Value operation
14 Install function
- Add Host Group operation
- Add iSCSI Name operation
- Add iSCSI Target operation
- Add LU Path operation
- Add WWN operation
- All Config operation
- Assist Config operation
- Backup operation
- Backup Config operation
- Change Host Group operation
- Change iSCSI name operation
- Change iSCSI Target operation
- Change WWN operation
- DCR Prestaging operation
- Define Config. operation
- Delete DKC WWN operation
- Delete Host Group operation
- Delete iSCSI Name operation
- Delete iSCSI Target operation
- Delete LU Path operation
- Delete WWN operation
- DKU Emulation operation
- Force Reset operation
- Format operation
- Format Stop operation
- Init DKC iSCSI Name operation
- Initialize ORM Value operation
- Install operation
- Install CV operation
- Machine Install Date operation
- Make LUSE operation
- Make Vol./Vol. Init operation
- Micro Program operation
- MP Install operation
- M/F DCR operation
- New Installation operation
- Open DCR operation
- Patch Edit operation
- Release LUSE operation
- Restore operation
- Restore Config. operation
- Set Battery Life operation
- Set Channel Speed operation
- Set CommandDev operation
- Set CommandDevSec operation
- Set Fibre Address operation
- Set Fibre Topology operation
- Set Host Mode operation
- Set IP Address operation
- Set Security Switch operation
- Set Speed Mode operation
- Set Subsystem Time operation
- System Option operation
- System Tuning operation
- Uninstall operation
- Update Config operation
- Volume to Space operation
15 On Demand function
- Release Cache operation
- Release Cache/CLPR operation
- Release LUN operation
16 Logical Device (LDEV) function
- Volume-Blockade operation
- Volume-Format operation
- Volume-Format (H) operation
- Volume-Restore(F) operation
- Volume-Restore(N) operation
17 LUN Manager (LUNM) function
- Add Host Group operation
- Add iSCSI Name operation
- Add iSCSI Target operation
- Add LU Path operation
- Add WWN operation
- Auth Info (Host) operation
- Auth Info (Target) operation
- Change Host Group operation
- Change iSCSI name operation
- Change iSCSI Target operation
- Change WWN operation
- Delete DKC WWN operation
- Delete Host Group operation
- Delete iSCSI name operation
- Delete iSCSI Target operation
- Delete LU Path operation
- Delete WWN operation
- Init DKC iSCSI Name operation
- Set Authentication operation
- Set Channel Speed operation
- Set CommandDev operation
- Set CommandDevSec operation
- Set FCSP Host operation
- Set FCSP Port Info operation
- Set FCSP Port Switch operation
- Set FCSP Target operation
- Set Fibre Address operation
- Set Fibre Topology operation
- Set Host Mode operation
- Set IP Address operation
- Set iSNS operation
- Set Security Switch operation
- Set Speed Mode operation
- Set TCP/IP Port operation
18 Logical Unit Number Expansion (LUSE) function
- Make LUSE operation
- Release LUSE operation
19 Maintenance function
- Blockade operation
- Correction Copy operation
- Drive Interrupt operation
- Format operation
- Format Stop operation
- Recover operation
- Replace operation
- Restore operation
- Restore Data operation
- Size Change operation
- Spare Disk operation
- Switch SVP operation
- Transfer Config operation
- Type Change operation
- Verify operation
- Verify Stop operation
20 Performance Control Base Monitor function
- Monitoring S/W operation
21 PORT function
- Change Port operation
22 Optional Product (PP) KEY function
- File operation
- File Install operation
- Install operation
- Uninstall operation
23 Remote Control Unit (RCU) function
- Add Path operation
- Add RCU operation
- Change RCU Option operation
- Delete Path operation
- Delete RCU operation
24 Serverless Backup Enabler (SBE) function
- Port-Group (Forced) operation
- Port-Group (Normal) operation
25 Volume Shredder (SHRED) function
- End Shredding operation
- Set Shredding operation
- Suspend Shredding operation
26 Business Copy XP function
- Change Reserve operation
- Initialize operation
- Option operation
- Paircreate operation
- Pairresync operation
- Pairsplit operation
- Pairsplit-E operation
- Pairsplit-S operation
27 ShadowImage (SI) z/OS function
- Add Pair operation
- Change Reserve operation
- CTG operation
- Delete Pair operation
- Exp R_TBL(Disable) operation
- Exp R_TBL(Enable) operation
- Initialize operation
- Option operation
- Resync Pair operation
- Set SCP Time operation
- Split Pair operation
- Suspend Pair operation
28 SNMP function
- Set SNMP Agent operation
29 Performance Control function
- Change PPCGrp operation
- Clear PPC Info operation
- Default Set operation
- PPCGrp Del/Chg operation
- Set All Prio Port operation
- Set All Prio WWN operation
- Set Ctrl Kind operation
- Set Prio Port operation
- Set Prio WWN operation
- Update Port WWN operation
- Update PPCGrp operation
- Update WWN operation
30 Continuous Access XP function
- Add CTG operation
- Change Async Option operation
- Change CTG Option operation
- Change Option operation
- Change Pair Option operation
- Delete CTG operation
- Paircreate operation
- Pairresync operation
- Pairsplit-r operation
- Pairsplit-S operation
- Start Pair operation
31 TrueCopy (TC) z/OS function
- Add CTG operation
- Add Pair operation
- Change Async Option operation
- Change CTG Option operation
- Change Option operation
- Change Pair Option operation
- Clear SIM operation
- Delete CTG operation
- Delete Pair operation
- Resume Pair operation
- Script operation
- Start Pair operation
- Suspend Pair operation
32 Continuous Access XP - Journal function
- Journal-Option operation
- Journal-Vol operation
- Journal-Vol operation
- Paircreate operation
- Pairresync operation
- Pairsplit-r operation
- Pairsplit-S operation
- Pair-Option operation
- System-Option operation
33 Universal Replicator (UR) z/OS function
- Add Pair operation
- Clear-SIM operation
- Delete-Pair operation
- Edit-EXCTG operation
- Journal-Option operation
- Journal-Vol operation
- Journal-Vol operation
- Pair-Option operation
- Resume-Pair operation
- Suspend-Pair operation
- System-Option operation
34 External Storage XP function
- Add-Lu2 operation
- Add-Wwn operation
- Alternate-Path operation
- Check-Paths operation
- ChkPath-RestoreVol operation
- Delete-Lu (Force) operation
- Delete-Lu (Normal) operation
- Disconnect-Paths operation
- Disconnect-Volume operation
- WwnTimer operation
35 Virtual LVI / Virtual LUN (VLL) function
- Install CV operation
- Make Volume operation
- Set SSID operation
- Volume Initialize operation
- Volume to Space operation
36 Auto LUN (ALUN) function
- Create Auto Plan operation
- Del Auto Plan Log operation
- Delete Auto Plan operation
- Del Migration Log operation
- Set Auto Plan Param operation
- Set Class Threshold operation
- Set Fixed PG operation
- Set Migration Vol operation
- Set Plan Condition operation
- Set Reserved Vol operation
37 HP Disk/Cache Partition function
- Set operation
38 Volume Retention Manager (VRM) function
- Attribute operation
- VTOC operation
39 Volume Security (VSEC) function
- Set Group operation
40 V Volume (VVOL) function
- Add V-Vol operation
- Delete V-Vol operation
- Pool Change/Delete operation
- Pool Initialize operation
- Pool Restore operation
- Pool SIM Comp Req operation
- Set Pool operation
41 XRCR function
- Set XRC Option operation
A Audit log file output by function
Index

• In the United States, the Sarbanes-Oxley (SOX) Act establishes corporate accountability for all

public companies, requiring strict IT controls and processes. Specifically, Sarbanes-Oxley requires

companies to “Audit unauthorized access, misuse and fraud, in order to ensure the accuracy of

corporate financial and business information” and “maintain financial records for seven years.”

• Internationally, the Basel II Accord requires all internationally active banks to adopt similar or

consistent risk management practices. Banks are required to implement a comprehensive program

of risk prevention, detection, analysis and management, and mitigate operational risks associated

with IT systems by 2006. The accord recommends “retaining activity logs for 3 to 7 years.”

Introduction to the syslog server

Audit log uses the syslog server, which is a commonly-used simple utility and protocol, to exchange

log messages. The term syslog is often used for the protocol, the tools that send the logs, as well as

the individual logs and the log files themselves.

The syslog architecture can be summarized as follows:

• Senders (devices and relays) send messages to relays or collectors with no knowledge of whether

it is a collector or relay.

• Senders may be configured to send the same message to multiple receivers.

• Relays may send all or some of the messages that they receive to a subsequent relay or collector.

If relays do not forward all of the messages, they are acting as both a collector and a relay. In

the following figure, these devices are designated as relays.

• Relays may also generate their own messages and send them on to subsequent relays or collectors.

In that case, it is acting as a device.

The following figure illustrates some common syslog configurations.

Figure 1 Examples of syslog architecture

The specific needs of your particular business will determine the system architecture. From a storage

perspective, knowing where the log events need to be shipped, how the events need to be handled,

and then implementing it appropriately represents the end point. The storage layer need only concern

Introduction26