Multi-volume audit trails for fault tolerant computers
Abstract
A fault tolerant computer system distributes audit trail files containing audit records across an arbitrary number of disk volumes. After one audit trail file becomes full, audit records are directed toward a next audit trail file stored on a different disk volume. Storage of newly generated audit records rotates through the disk volumes in round-robin fashion. Full audit trail files are eventually archived, and their space becomes available again for renaming and storage of newly generated audit records. The number of audit records available for on-line recovery after a failure is therefore not limited to the storage capacity of any single disk volume. Furthermore, there is no contention for disk access between archiving of full audit trail files and storage of newly generated audit records, because the two activities always touch different volumes.
Claims
1. In a fault tolerant computing system having an audit generator, first and second primary audit trail storage processes, and first and second backup audit trail storage processes serving as backups for the first and second primary audit trail storage processes, wherein said audit trail storage processes store audit records generated by said audit generator in audit files accessible to said audit storage processes, a method for switching storage of currently generated audit records from said first primary audit trail storage process to said second primary audit trail storage process, said method comprising the steps of:
receiving, at said first primary audit trail storage process, a buffer of audit records from said audit generator for storage in a first audit file accessible to said first primary audit trail storage process and said first backup audit trail storage process;
determining, at said first primary audit trail storage process, upon receipt of said buffer of audit records, that said first audit file is full and cannot accept said buffer of audit records;
thereafter sending a request message from said first primary audit trail storage process to said second primary audit trail storage process, said request message including a unique sequence number identifying a second audit file accessible to said second primary audit trail storage process and said second backup audit trail storage process;
sending a first checkpoint message from said second primary audit trail storage process to said second backup audit trail storage process upon receipt of said request message at said second primary audit trail storage process, said first checkpoint message including locator information identifying a position within said second audit file where storage of audit records is to begin;
sending a first checkpoint acknowledgement message from said second backup audit trail storage process to said second primary audit trail storage process in response to said first checkpoint message;
sending an acknowledgement message from said second primary audit trail storage process to said first primary audit trail storage process in response to said request message;
thereafter sending a second checkpoint message from said first primary audit trail storage process to said first backup audit trail storage process, said second checkpoint message including an indication that said first audit file is full; and
sending, in response to said second checkpoint message, a second checkpoint acknowledgement message from said first backup audit trail storage process to said first primary audit trail storage process.
2. In a fault tolerant computing system having an audit generator, a protocol management process, and a plurality of audit trail storage processes, wherein said audit trail storage processes are for storing audit records generated by said audit generator in audit files accessible to said audit storage processes, a method for rotating responsibility for storage of currently generated audit records among said audit trail storage processes, said method comprising the steps of:
a) assigning, using the protocol management process, a selected audit trail storage process to be a currently assigned audit trail storage process and a selected audit file accessible to said selected audit trail storage process to be a currently assigned audit file;
b) transmitting buffers of audit records from said audit generator to said currently assigned audit trail storage process for storage in said currently assigned audit file;
c) writing said buffers of audit records received from said audit generator from said currently assigned audit trail storage process to said currently assigned audit file;
d) monitoring, at said currently assigned audit trail storage process, growth of said currently assigned audit file as successive buffers are written;
e) comparing, at said currently assigned audit trail storage process, a size of said currently assigned audit trail file to a predetermined threshold; and
f) upon a determination in said e) step that said size exceeds said predetermined threshold, sending a threshold warning message from said currently assigned audit trail storage process to said protocol management process.
3. In a fault tolerant computing system having an audit generator and a plurality of audit trail storage processes, wherein said audit trail storage processes are for storing audit records generated by said audit generator in audit files accessible to said audit storage processes, wherein as successive audit files become full, current responsibility for storing audit records generated by said audit generator is transferred by sending a message from a previously responsible audit trail storage process to a newly responsible audit trail storage process, wherein successively used audit files are assigned unique sequence numbers in order, and wherein each audit trail storage process stores a sequence number identifying a last known audit file employed by one of said audit trail storage processes for storing audit records, a fault tolerant method for processing messages received at a first audit trail storage process, wherein said first audit trail storage process operates as if it were already the responsible audit trail storage process, said method comprising the steps of:
a) receiving, at said first audit trail storage process, a message from a second audit trail storage process, said message including an audit file sequence number of a next audit file for receiving audit records;
b) extracting, at said first audit trail storage process, said audit file sequence number from said message;
c) comparing said received audit file sequence number to the last known audit file sequence number stored in said first audit trail storage process; and
d) upon a determination in said c) step that said received audit file sequence number is greater than the stored last known audit file sequence number,
1) closing the audit file identified by the audit file sequence number stored within said first audit storage process, and
2) opening a new audit file identified by said sequence number included within said message for receiving audit records from said first audit trail storage process.
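To make the claimed message exchange concrete, the following Python simulation is an added example (not the patent's or any vendor's code) of the round-robin rotation from the abstract together with claims 1 to 3: the full-file handoff with acknowledged checkpoints to each backup (claim 1), the threshold warning to the protocol management process (claim 2), and the sequence-number comparison that lets a storage process discard a stale or replayed switch request (claim 3). All class and message field names, the buffer size, the file capacity and the warning threshold are assumptions chosen for illustration; the audit records are constructed integers. The property worth checking from an auditing standpoint is that every record ends up in exactly one file and that a backup always holds a checkpoint naming the live file and its start offset, so a failover cannot silently lose or duplicate audit records.

```python
"""Simulation of the multi-volume audit trail handoff described in the claims.

Added example, not the patent's or any product's code. Class names, message
field names and the capacity/threshold constants are assumptions chosen for
illustration; the audit records are constructed integers.
"""
from dataclasses import dataclass, field

BUFFER_SIZE = 4      # constructed: records per buffer sent by the audit generator
FILE_CAPACITY = 10   # constructed: records an audit file holds before it is full
WARN_THRESHOLD = 7   # constructed: claim 2's "predetermined threshold"


@dataclass
class AuditFile:
    seq: int                                    # unique sequence number (claims 1, 3)
    volume: str                                 # disk volume holding the file
    records: list = field(default_factory=list)

    def cannot_accept(self, incoming: int) -> bool:
        return len(self.records) + incoming > FILE_CAPACITY


@dataclass
class BackupProcess:
    """Backup audit trail storage process: stores every checkpoint it is sent."""
    name: str
    checkpoints: list = field(default_factory=list)

    def checkpoint(self, msg: dict) -> dict:
        self.checkpoints.append(msg)
        return {"type": "checkpoint_ack", "seq": msg["seq"]}


class Coordinator:
    """Claim 2's protocol management process (assumed name): hands out sequence
    numbers and collects threshold warnings and closed (archived) files."""
    def __init__(self):
        self.seq = 0
        self.warnings = []   # (process name, file seq)
        self.archived = []   # (file seq, volume, record count)

    def next_seq(self) -> int:
        self.seq += 1
        return self.seq

    def archive(self, f: AuditFile) -> None:
        self.archived.append((f.seq, f.volume, len(f.records)))


class PrimaryProcess:
    """Primary audit trail storage process paired with its own backup."""
    def __init__(self, name, volume, backup, coordinator):
        self.name, self.volume = name, volume
        self.backup, self.coordinator = backup, coordinator
        self.current = None        # open AuditFile, or None
        self.last_known_seq = 0    # claim 3: last known audit file sequence number
        self.warned = False

    def _checkpoint(self, msg: dict) -> None:
        # claim 1: the primary does not proceed until the backup acknowledges
        if self.backup.checkpoint(msg)["type"] != "checkpoint_ack":
            raise RuntimeError("backup did not acknowledge checkpoint")

    def handle_request(self, msg: dict) -> dict:
        """Claim 3: a 'next audit file' request from another storage process."""
        seq = msg["seq"]                        # b) extract the sequence number
        if seq <= self.last_known_seq:          # c) stale or replayed: ignore it
            return {"type": "ack", "seq": self.last_known_seq, "ignored": True}
        if self.current is not None:            # d)1) close the file still open here
            self.coordinator.archive(self.current)
        self.current = AuditFile(seq, self.volume)   # d)2) open the new file
        self.last_known_seq, self.warned = seq, False
        # claim 1: first checkpoint carries locator info (offset 0 in a fresh file)
        self._checkpoint({"type": "checkpoint", "seq": seq, "volume": self.volume, "offset": 0})
        return {"type": "ack", "seq": seq, "ignored": False}

    def receive_buffer(self, buf: list, next_primary) -> "PrimaryProcess":
        """Claim 1: store a buffer, or hand responsibility to next_primary when full.
        Returns the process that should receive the next (or retried) buffer."""
        if self.current is None or self.current.cannot_accept(len(buf)):
            request = {"type": "request", "seq": self.coordinator.next_seq()}
            if next_primary.handle_request(request)["ignored"]:
                raise RuntimeError("next primary rejected a fresh sequence number")
            if self.current is not None:
                # second checkpoint: tell own backup this file is full, then release it
                self._checkpoint({"type": "checkpoint", "seq": self.current.seq, "full": True})
                self.coordinator.archive(self.current)
                self.current = None
            return next_primary                 # caller retries the buffer there
        self.current.records.extend(buf)
        if not self.warned and len(self.current.records) > WARN_THRESHOLD:   # claim 2 e)-f)
            self.coordinator.warnings.append((self.name, self.current.seq))
            self.warned = True
        return self


def run_simulation(n_records: int = 30, n_volumes: int = 3):
    """Round-robin rotation from the abstract; returns (coordinator, primaries, owner)."""
    coord = Coordinator()
    primaries = [PrimaryProcess(f"P{i}", f"$VOL{i}", BackupProcess(f"B{i}"), coord)
                 for i in range(n_volumes)]
    owner = primaries[0]                        # claim 2 a): initial assignment
    owner.handle_request({"type": "request", "seq": coord.next_seq()})
    records, i = list(range(n_records)), 0      # constructed audit records
    while i < n_records:
        buf = records[i:i + BUFFER_SIZE]
        nxt = primaries[(primaries.index(owner) + 1) % len(primaries)]
        new_owner = owner.receive_buffer(buf, nxt)
        if new_owner is owner:
            i += BUFFER_SIZE                    # stored; advance to the next buffer
        owner = new_owner                       # otherwise retry the same buffer there
    return coord, primaries, owner


if __name__ == "__main__":
    coord, primaries, owner = run_simulation()
    print("archived:", coord.archived)          # [(1, '$VOL0', 8), (2, '$VOL1', 8), (3, '$VOL2', 8)]
    print("warnings:", coord.warnings)
    print("open file:", owner.name, owner.current.seq, len(owner.current.records))
    # claim 3: a replayed request carrying an old sequence number is ignored
    print(primaries[1].handle_request({"type": "request", "seq": 2}))
```

With the constructed constants, 30 records fill three 8-record files on three volumes and leave 6 records in a fourth file back on the first volume, each primary's backup holds an "offset 0" checkpoint for every file it opened and a "full" checkpoint for every file it closed, and re-sending the request for sequence number 2 to the second primary is acknowledged as ignored because that number is not greater than its last known one.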