Re: [Veritas-bu] NetBackup changes
You can utilize CVS/SVN tools to track changes, because you can retain a database of all changes, which includes what and who. You can also run the command below to create a baseline configuration: bppllist -allpolicies -U > allpolicies_base Then have a "cron" or "at" job run every 24 hours running the same command and redirecting the output to a file appended with the current date and time. Then running diff against both files and capturing the differences, which can be emailed, and stored in a data repository. This will not provide who, but it is a systematic way of capturing changes. -- Cheers, Tito Hernandez ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NetBackup changes
We used to use subversion (SVN) a version control system to track our changes. We would first do a list of all of the policies using the following command: bppllist -allpolicies -U > policylistfile This file was then checked into subversion along with a change control request number (we did not make changes without first getting a request from someone). This system was very useful in finding out when & what changes to the backup policies were made. So, if we needed to find out who made the change to the path for a given policy, we could look it up and find out that there was a request to do so by a given user.very helpful indeed! --stuart -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, February 15, 2008 8:56 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; veritas-bu@mailman.eng.auburn.edu Subject: Re: [Veritas-bu] NetBackup changes We do use tripwire. It gives us the "what" but not the "who". One problem for auditing we've found is that the while the java gui can log the command strings, there's always the command line to circumvent. If you don't hand out root and only use the GUI, then you can add the "-lc" option to the jnbSA command line and log the commands it runs in the background. So, write a wrapper script to jnbSA, add the "-lc" option and a specific log file location like this and you're got something that might work. example: >cat jnb /usr/openv/netbackup/bin/jnbSA -l /usr/openv/netbackup/logs/gui_logs/$USER.`date +%y%m%d%H%M%S` -lc ... It's not much but it keeps our auditors happy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Sent: Friday, February 15, 2008 9:34 AM To: 'Jimmy Stewpot'; veritas-bu@mailman.eng.auburn.edu Subject: Re: [Veritas-bu] NetBackup changes You don't mention what OS, but perhaps "tripwire" or "big brother" would be of help. Regards, Patrick Whelan Whelan Consulting Limited VERITAS Certified NetBackup Support Engineer for UNIX. VERITAS Certified NetBackup Support Engineer for Microsoft Windows. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Stewpot Sent: 15 February 2008 15:37 To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Netbackup changes Hello, I am interested to know if anyone has or knows of any software which can easily track the changes made in netbackup. We have a fairly large install and would like to be able to track who makes changes to what and when for obvious reasons. I have had a look at the documentation but its not clear if its possible in the "standard product". Does anyone have any advice that they can provide me? Regards, Jimmy ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NetBackup changes
We do use tripwire. It gives us the "what" but not the "who". One problem for auditing we've found is that the while the java gui can log the command strings, there's always the command line to circumvent. If you don't hand out root and only use the GUI, then you can add the "-lc" option to the jnbSA command line and log the commands it runs in the background. So, write a wrapper script to jnbSA, add the "-lc" option and a specific log file location like this and you're got something that might work. example: >cat jnb /usr/openv/netbackup/bin/jnbSA -l /usr/openv/netbackup/logs/gui_logs/$USER.`date +%y%m%d%H%M%S` -lc ... It's not much but it keeps our auditors happy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Sent: Friday, February 15, 2008 9:34 AM To: 'Jimmy Stewpot'; veritas-bu@mailman.eng.auburn.edu Subject: Re: [Veritas-bu] NetBackup changes You don't mention what OS, but perhaps "tripwire" or "big brother" would be of help. Regards, Patrick Whelan Whelan Consulting Limited VERITAS Certified NetBackup Support Engineer for UNIX. VERITAS Certified NetBackup Support Engineer for Microsoft Windows. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Stewpot Sent: 15 February 2008 15:37 To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Netbackup changes Hello, I am interested to know if anyone has or knows of any software which can easily track the changes made in netbackup. We have a fairly large install and would like to be able to track who makes changes to what and when for obvious reasons. I have had a look at the documentation but its not clear if its possible in the "standard product". Does anyone have any advice that they can provide me? Regards, Jimmy ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] Netbackup changes
Hi Thanks for your response, is we run the GUI from a windows system remotely can we enable logging on the server and the logs are stored there? It maybe a stupid question but i cannot find it in the administration guides. Regards, Jimmy rcarlisle wrote: > You can turn auditing on in the JAVA GUI, if you use that. However, the > tracking will be on the system that anyone logged in on. You can tie that > down to one system and that would allow you to control it a little better. > I know that Aptare also does track some changes from within the GUI...but I > am not positive what level it comes down to. > > Since any product is going to be somewhat dependant on what resources > Symantec has natively (if the changes aren't tracked within the product at > all, it's hard for a third party software to track them), it might be hard > to find a product that doe what you are looking for. Depending on the level > of auditing you want. > > I do know that NBU 7.0 is going to be a security focused release with much > more emphasis on auditing and tracking information. > > > > > ReneƩ Carlisle > ServerWare Corporation > > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy > Stewpot > Sent: Friday, February 15, 2008 10:37 AM > To: veritas-bu@mailman.eng.auburn.edu > Subject: [Veritas-bu] Netbackup changes > > Hello, > > I am interested to know if anyone has or knows of any software which can > easily track the changes made in netbackup. We have a fairly large > install and would like to be able to track who makes changes to what and > when for obvious reasons. I have had a look at the documentation but its > not clear if its possible in the "standard product". Does anyone have > any advice that they can provide me? > > Regards, > > Jimmy > ___ > Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu > http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu > > > This Email has been scanned for all viruses by PAETEC Email Scanning > Services, utilizing MessageLabs proprietary SkyScan infrastructure. For more > information on a proactive anti-virus service working around the clock, > around the globe, visit http://www.paetec.com. > > > ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] NetBackup changes
You don't mention what OS, but perhaps "tripwire" or "big brother" would be of help. Regards, Patrick Whelan Whelan Consulting Limited VERITAS Certified NetBackup Support Engineer for UNIX. VERITAS Certified NetBackup Support Engineer for Microsoft Windows. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Stewpot Sent: 15 February 2008 15:37 To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Netbackup changes Hello, I am interested to know if anyone has or knows of any software which can easily track the changes made in netbackup. We have a fairly large install and would like to be able to track who makes changes to what and when for obvious reasons. I have had a look at the documentation but its not clear if its possible in the "standard product". Does anyone have any advice that they can provide me? Regards, Jimmy ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
Re: [Veritas-bu] Netbackup changes
You can turn auditing on in the JAVA GUI, if you use that. However, the tracking will be on the system that anyone logged in on. You can tie that down to one system and that would allow you to control it a little better. I know that Aptare also does track some changes from within the GUI...but I am not positive what level it comes down to. Since any product is going to be somewhat dependant on what resources Symantec has natively (if the changes aren't tracked within the product at all, it's hard for a third party software to track them), it might be hard to find a product that doe what you are looking for. Depending on the level of auditing you want. I do know that NBU 7.0 is going to be a security focused release with much more emphasis on auditing and tracking information. ReneƩ Carlisle ServerWare Corporation -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Stewpot Sent: Friday, February 15, 2008 10:37 AM To: veritas-bu@mailman.eng.auburn.edu Subject: [Veritas-bu] Netbackup changes Hello, I am interested to know if anyone has or knows of any software which can easily track the changes made in netbackup. We have a fairly large install and would like to be able to track who makes changes to what and when for obvious reasons. I have had a look at the documentation but its not clear if its possible in the "standard product". Does anyone have any advice that they can provide me? Regards, Jimmy ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu This Email has been scanned for all viruses by PAETEC Email Scanning Services, utilizing MessageLabs proprietary SkyScan infrastructure. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.paetec.com. ___ Veritas-bu maillist - Veritas-bu@mailman.eng.auburn.edu http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu