cancel
Showing results for 
Search instead for 
Did you mean: 

NBU - tracking configuration changes

Thomas_Anthony
Level 5

Hello Forum, 

Is there a working method (or available NBU utils/logs, etc) to track who and when changes are made to a NBU environment ? 

 

Most NBU adminstration is done using the Java GUI, with remaining admin completed using the command line. The NBU admin su to root and then the auth.conf has all admins with the following config

 root ADMIN=ALL JBP=ALL
 * ADMIN=JBP JBP=ENDUSER+BU+ARC
 admins_name ADMIN=ALL JBP=ALL

 

We have NBU 7.6.0.3 on Linux Redhat 2.6

2 ACCEPTED SOLUTIONS

Accepted Solutions

mnolan
Level 6
Employee Accredited Certified

Something like NetBackup Auditing?

About NetBackup auditing

Article: HOWTO105855
Updated: November 19, 2014
Article URL: http://www.symantec.com/docs/HOWTO105855

 

View solution in original post

ravin_a
Level 4

do you have NBAC in your environment?

if No, we can check using nbauditreport, however using this command we can track the time of the modifications/changes in NBU.

Have a look on the below link to know more about nbauditreport.

https://support.symantec.com/en_US/article.HOWTO104940.html

 

View solution in original post

5 REPLIES 5

mnolan
Level 6
Employee Accredited Certified

Something like NetBackup Auditing?

About NetBackup auditing

Article: HOWTO105855
Updated: November 19, 2014
Article URL: http://www.symantec.com/docs/HOWTO105855

 

areznik
Level 5

Unless you're using NBAC (*shudder*) I think you're out of luck even for GUI auditing. You will see that a change was made but not who made it. I think even with NBAC you won't be able to see CLI-driven changes if your admins are elevating to root. 

ravin_a
Level 4

do you have NBAC in your environment?

if No, we can check using nbauditreport, however using this command we can track the time of the modifications/changes in NBU.

Have a look on the below link to know more about nbauditreport.

https://support.symantec.com/en_US/article.HOWTO104940.html

 

Nicolai
Moderator
Moderator
Partner    VIP   

For person referable auditing NBAC is the only solution.

While NBAC do add a bit of extra complexity its not that bad. 

Thomas_Anthony
Level 5

Thanks for the timely responses !  

 

NBAC is not configured on our NBU environment and it appears that it requires some major planning to implement. I'm guessing, perhaps incorrectly, that if NBAC was configured today, the detailed reporting would only be from today forward.

 

The command nbauditreport returns some really good configuration change info. It's unfortunate though that the NBU administrators are not setup to access NBU with root access using their individual accounts.  As mentioned, the NBU admins use "sudo su -" to directly access root privileges for NBU admin GUI and NBU commands, so all nbauditreport output shows all commands made by root@master.  Great command that returns good historical info.