Monday, December 10, 2012

Using rsyslog with Netapp's snaplock

Netapp's "snaplock" technology allows one to create "write-once, read many" ("WORM") volumes that allow data to be written but not modified or deleted -- especially not if "compliance" mode is used. While this is not a true "WORM" -- it's still done entirely in software and therefore can theoretically be hacked -- it adds an extra layer of security to your infrastructure, especially if you already rely on netapps for your NAS needs.

Any file stored on a snaplock volume can be given WORM protection by first doing a "touch" and setting the atime with the date in the future, and then setting a read-only mode on the file. If after setting "read-only" on a file you give it a read-write permission, the file will be put into "append" mode -- data can be appended to the file, but no previously stored data can be modified or deleted (data is "locked" in 256K chunks).

This is extremely handy for storing system logs or copies of emails for archival purposes. We have a syslog aggregator that receives all our system logs, including auditd. I wrote a simple script that runs out of /etc/cron.daily that pre-creates the "append-only" locations for rsyslog to write to, plus sets read-only on yesterday's logs. Here's the code:

On rsyslog's side of things you'll need something like the following in order to write to these locations:

And, finally, you'll need to do some SELinux manipulations in order to allow rsyslog to write to the NFS location, such as setting the mount context to var_log_t. If you do that, then you'll need the following SELinux policy in order to allow the cron script from above to run:


Kayal m said...

These posts are very superb! I must say to you it was really helpful for us and I am waiting for your more different kinds of posts. Thank you!!!
Linux Training in Chennai
Linux Course in Chennai
Best Linux Training Institute in Chennai
Excel Training in Chennai
Corporate Training in Chennai
Embedded System Course Chennai
Linux Training in OMR
Linux Training in Velachery

emilyjoseph said...

Thanks for sharing this valuable information to our vision. You have posted a worthy blog keep sharing.
Salesforce Training in Chennai
Salesforce Training
Development courses in Chennai
ccna course in Chennai
PHP Training in Chennai
Salesforce Training
Salesforce Course in Chennai

Sivanandhana Girish said...

This was an excellent info being posted. This would definitely help the needed ones to a greater extend.

IELTS Coaching in Tambaram
IELTS Coaching Centre in Tambaram
IELTS Training in Tambaram
IELTS Coaching In Velachery
IELTS Coaching Centre in Velachery
IELTS Training in Velachery
IELTS Coaching in T Nagar
IELTS Classes in T Nagar
IELTS Training in T Nagar

sheela rajesh said...

Nice idea,keep sharing your ideas with us.i hope this information's will be helpful for the new learners.
iOS Training in Chennai
iOS Course in Chennai
JAVA Training in Chennai
Python Training in Chennai
Hadoop Training in Chennai
Android Training in Chennai
IOS Training in Chennai
iOS Training in OMR

ProPlus Logics said...

Hey Nice Blog!! Thanks For Sharing!!!Wonderful blog & good post.Its really helpful for me, waiting for a more new post. Keep Blogging!
SEO company in coimbatore
Digital Marketing Company in Coimbatore
SEO Services in coimbatore

lekha mathan said...

Very good information provided, Thanks a lot for sharing such useful information.
Aviation Academy in Chennai
Air hostess training in Chennai
Airport management courses in Chennai
Ground staff training in Chennai
Aviation Courses in Chennai
air hostess academy in Chennai
Airport Management Training in Chennai
airport ground staff training in Chennai

Ram Niwas said...
This comment has been removed by the author.
Sathya said...

Interesting information and attractive.This blog is really rocking... Yes, the post is very interesting and I really like it.I never seen articles like this. I meant it's so knowledgeable, informative, and good looking site. I appreciate your hard work. Good job.
Kindly visit us @
Sathya Online Shopping
Online AC Price | Air Conditioner Online | AC Offers Online | AC Online Shopping
Inverter AC | Best Inverter AC | Inverter Split AC
Buy Split AC Online | Best Split AC | Split AC Online
LED TV Sale | Buy LED TV Online | Smart LED TV | LED TV Price
Laptop Price | Laptops for Sale | Buy Laptop | Buy Laptop Online
Full HD TV Price | LED HD TV Price
Buy Ultra HD TV | Buy Ultra HD TV Online
Buy Mobile Online | Buy Smartphone Online in India

Laxman S said...

I’m really impressed with your article, such great & usefull knowledge you mentioned here. Thank you for sharing such a good and useful information here in the blog
Kindly visit us @
SMO Services India | Social Media Marketing Company India
Social Media Promotion Packages in India | Social Media Marketing Pricing in India
PPC Packages India | Google Adwords Pricing India
Best PPC Company in India | Google Adwords Services India | Google Adwords PPC Services India
SEO Company in India | SEO Company in Tuticorin | SEO Services in India
Bulk SMS Service India | Bulk SMS India