Personal tools

Ace:Audit Manager User Guide

From Adapt

Revision as of 20:29, 16 September 2008 by Toaster (talk | contribs)
Jump to: navigation, search

Overview

The ACE Audit manager is a web-based application that allows for easy auditing of millions of files and terabytes of data. It can perform two types of audits. The first, a file audit will check files in registered directories against stored hashes to ensure files have not been corrupted. The second type of audit, a token audit, will check the stored hashes against a remote Integrity Management Server to ensure nobody has tampered with the stored hashes.

The audit manager keeps extensive logs about the status of each file and any changes that are noticed. Any changes in collections can also be easily monitored through a status report.


Getting Started

The first page you will be greeted with is the status screen. This will likely be located at http://www.your_installation_server.com:8080/ace-am. Your sysadmin or whomever installed the software should be able to give you the URL to the Audit Manager.

Ace-status-screen-closed.jpg

If this is your first time using the Audit manager, you will not see any collections listed. See Registering New Collections below for information on registering your files.

  • State: Current state of the collection
    • Ace-running.jpgAudit is in progress
    • Ace-stopped.jpg No Audit is in progress
    • Ace-file-ok.jpg Collection was successfully audited and contains no errors.
    • Ace-error.jpg Collection contains errors, view report to see errors.
    • Ace-file-bad.jpg Collection has never fully completed an audit
  • Collection Name: Descriptive name of the collection.
  • Type: Type of collection, local files, srb, irods, etc
  • Total Files: total number of files in a collection. This won't show anything until the first audit has run
  • Last Audit: Last file audit on a collection.

Clicking on the name of any collection will show details for the collection. You can close the the details for a collection by clicking the 'x' next to the collections name in the upper left hand of the details window.

Ace-status-screen-open.jpg
  • Audit Status: One of the following three options
    • Idle : Collection is not in the process of being audited
    • File Audit : The integrity of each file in the collection is being checked
    • Token Audit : The Audit Manager is checking the integrity of it's database.
  • Last Complete Update: The last time a complete file audit was run.
  • Directory: The directory being monitored
  • Total Monitored Files: Total number of files in the collection, will be empty until the first complete audit runs

The Additional items will be shown if a file audit is in progress.

  • Total Files Scanned: How many files have been checked since the audit started
  • New Files Found: How many new files were found since the audit started
  • Tokens Added: How many tokens for new files were added. This may trail the new files found by a few items until the audit finishes.
  • Errors: Total number of errors encountered during this audit.

These items may be shows if a token audit is in progress.

  • Total Tokens Scanned: How many file digests have been scanned so far.
  • Tokens Validated: How many complete validations of digests have been performed. May trail total tokens by a few items.
  • Errors: Number of errors encountered during this audit.

The line of icons listed below a collection can be used to audit, browse, view logs and other stuff with the collection. If an audit is in progress, you may not see all of these listed.

  • Ace-file-audit-start.jpg Audit files in the collection
  • Ace-token-audit-start.jpg Audit tokens in the collection
  • Ace-stop.jpg Stop an in-progress audit
  • Ace-edit.jpg Modify collection settings
  • Ace-delete.jpg Remove a collection
  • Ace-browse.jpg View the contends of a collection
  • Ace-log.jpg View all log entries for a collection
  • Ace-report.jpg View report of any missing or corrupt files


Registering New Collections

Registering new collections consists of two parts, first is specifying the directory where your collection resides, and second is configuring any optional settings for accessing your collection.

  1. From the status screen, click 'Add Collection'.
  2. Enter the following settings for your collection:
    • Collection name: descriptive name for your collection
    • Location: Directory where your files are stored (ie, /home/username/Documents)
      • Audit Collection: Scan the collection every number of days for new files or looking for bad files. Enter 0 to turn this off
      • Storage Type: Where your is stored.
        • Local - Files are locally accessible from the server running the Audit Manager
        • SRB - Files are stored in the Storage Resource Broker
        • iRODS - Files are stored in iRODS
  3. Press 'Configure Storage' when finished.
  4. If needed, you may be asked for additional information to access your files. See documentation for the storage types.
  5. Press 'Save' when finished. You will be returned to the status screen and can now audit your collection.

Local Storage

Files that are available on the Audit Manager server are to be audited. This is NOT the machine that you are running your web browser on. Any directories listed must be locally available on the server. No additional configuration is necessary.

SRB

This driver is for files that are stored on the storage resourge broker. While the Audit Manager can audit files over long distance (UMD to SDSC) this is not recommended and all attempts should be made to run the audit manager close to the SRB so that latency is reduced.

If you already use the S-commands these are the same settings as your .MdasEnv file.

Configuration Settings:

  • Server: server address of your mcat (srb.sdsc.edu)
  • Port: port number for the mcat, default is 5544, but you may have a different one
  • Username: account that is able to read the files you want audited
  • Domain: domain for the above account
  • Password: password for the above account
  • Zone: home zone for the above account/mcat

For additional security, the account that you use to audit files does not need full access to files, but just read access.

iRODS

Configuration Settings:

  • Server:
  • Port:
  • Username:
  • Password:
  • Zone: Zone your account resides in.

Auditing Collections

There are several ways the integrity of collections in the Audit Manager are tested. First, is ensuring that no files have changed or gone missing. This scanning can occur manually, ie someone triggers a scan, or automatically, ie scan every 7 days. The second type of auditing involved checking to make sure the Audit Manager's own data is intact. This involves checking the integrity of every stored hash for a collection

Manual File Scanning

Collections or folders in ACE can be audited on demand.

Collection Audit
From the Status screen, select the collection you with to audit. In the details box, click the Ace-file-audit-start.jpg icon to start integrity checking of the entire collection.
Directory Audit
From the Status screen, select the collection you with to audit. Click the Ace-browse.jpg icon to to open the collection browser. Select the folder you with to audit and click the Audit files link to check every file and directory in that folder.

Periodic File Scanning

Collections in the Audit manager may be periodically scanned to ensure nothing has changed. Setting up the periodic scan is done from the collection management screen.

  • When creating a new collection, you can enter how often you wish to audit the collection.
  • For existing collections, you can modify their settings. From the status screen, click on the collection you will be auditing and click the Ace-edit.jpg icon. You can change your audit frequency and hit save


Hash Validation

Log Files

The Audit Manager keeps a record of everything that has ever occurred during a files lifetime. This includes every audit of a colleciton, when files were registered, any time they were found corrupt, etc. Since these logs can grow quite large, there is a method to filter log files based on the type of message, collection, item, and session.

Types of log messages

Status Reports

Managing Users