Enhanced EO-compliant logging
InfoScale complies with the U.S. Presidential Executive Order (EO) 14028 (issued on May 12, 2021) with regards to event logging. In this release, the following enhancements have been made to the EO-compliant logging feature.
Event logging with key:value pairs
InfoScale provides the eocompliantlogging option to enable EO-compliance. When this option is enabled, InfoScale components log messages as per standard security requirements and follow the key:value pair format.
When EO-compliant logging is disabled (default), entries in the VCS engine logs appear as follows:
2025/04/28 02:20:38 VCS INFO V-16-1-10201 hacf -dump completed successfully,
received message on channel 1
2025/04/28 02:20:38 VCS INFO V-16-1-10201 hacf -dump completed successfully,
received message on channel 2
<!--NeedCopy-->
However, when EO-compliant logging is enabled, the log entries appear as follows:
Timestamp: "2025-05-08T03:36:01.764-04:00", Hostname: "punr740-15-v011.eng.internal",
Component: "VCS", Severity: "INFO", UMI: "V-16-1-10201", Message: "hacf -dump
completed successfully, received message on channel 1"
Timestamp: "2025-05-08T03:36:01.764-04:00", Hostname: "punr740-15-v011.eng.internal",
Component: "VCS", Severity: "INFO", UMI: "V-16-1-10201", Message: "hacf -dump
completed successfully, received message on channel 2"
<!--NeedCopy-->
When EO-compliant logging is disabled (default), entries in the VxVM cmdlog file appear as follows:
# **/usr/sbin/vxdisk -p list**
864569954, 16906, Thu Mar 7 12:44:50 2024 /usr/sbin/vxdisk -qe -o mfd list
0, 17100, Thu Mar 7 12:44:50 2024
<!--NeedCopy-->
However, when EO-compliant logging is enabled, the log entries appear as follows:
CID:"1829418939", PID:"7532", Timestamp:"2024-03-07T11:55:05.536+05:30",
Hostname:"myhost.domain.company.com" Command:"/usr/sbin/vxdg list mydg"
CID:"494905724", PID:"7545", Timestamp:"2024-03-07T11:55:05.593+05:30",
Hostname:"myhost.domain.company.com" Command:"/usr/sbin/vxprint -m -g mydg"
<!--NeedCopy-->
Custom permissions for InfoScale log files
To provide EO-compliant logging, all InfoScale log files permissions are set to 600 ( rw——-) by default. Only the owner of the log files has full read-write access. However, this default value may not be suitable for all environments. In certain cases, there can be a need to set different values for the log file permissions. To address this requirement, InfoScale provides component-specific tunable parameters that let you modify the corresponding log file permissions as needed.
For details, refer to the document that is applicable to your InfoScale setup:
- Cluster Server Administrator’s Guide
- Storage Foundation Administrator’s Guide
- Storage Foundation Cluster File System High Availability Administrator’s Guide
- Storage Foundation for Oracle RAC Administrator’s Guide