Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina
Grid Site with Log Search Service CE SE Grid application VO Spec application Syslog-ng Log Search Service OSG Central Facility Auditing Service Auditing Service Client Syslog-ng Log Search Service SE VO Spec application Grid application Syslog-ng CE Grid Site without Log Search Service Catch-All Log Search Service Host Central Repository Security Officer Site Central Log Monitoring Host Auditing Project Architecture VO Resource Site VO Services Host Gratia probes Gratia probes Gratia probes VO Spec application Syslog-ng site cluster host application log repository auditing data repository flow of data request flow of data storage Legend
Grid Site with Centralized Log collection Log Search Service Hosts multiple CEs and SEs Runs Grid and VO specific Services Uses syslog-ng to collect distributed log files in central repository Installs Gratia’s probes to report information about grid jobs Uses Log Search Service for logs monitoring Allows to execute queries to Log Search Service to authorized user
Gird Site without Log collection and Log Search Service Hosts multiple CEs and SEs Runs Grid and VO specific Services Uses syslog-ng or some other mechanism to collect distributed log files and forward them to central repository in OSG Facilities Installs Gratia’s probes to report information about grid jobs
VO Resources Site Runs VO specific Services Uses syslog-ng or some other mechanism to collect distributed log files and forward them to central repository in OSG Facilities Installs Gratia’s probes to report information about grid jobs
OSG Central Facility Set of nodes provided by one of OSG Grid Sites Offers –Auditing Service –Auditing Repository –Catch-All Log Search Service –Catch-All Central Log Repository
Auditing Project Context Diagram Auditing Service Active Storage Grid operation environment Gratia’s probes Auditing probes Globus Datagram Auditing Data Management MS Grid Configuration AAA Data Log Storage Query Executor Automaton Grid Security team Incident respondent Security assessor Suspected vulnerability Suspected incident OSG Security Information Service
Query Executor Admin Client Auditing DB Auditing Server User Client Archiver Report Generator MS Report Log Search Service Log Search Service Auditing Service Architecture Gratia DB
Auditing Service Components Auditing Server –Authenticates and authorized clients –Forwards authorized query to QE –Logs the request, its issuer and results in DB –Forwards authorized request for report to RG Query Executor –Receives request from AS –Queries all relevant Grid Site Log Search Services –Queries Gartia DB for information about finished grid jobs Archiver –Archives/de-archives historic events from/to mass storage Admin Client –Registers/Unregisters Grid Site and Site Security Admin –Registers/Unregisters Admin –Assigns/de-assigns Admin role based on credential –Allows Admin to define query –Allows Site Admin to approved predefined query User Client –Launches an authorized query –Requests report