A network environment may be provided wherein information (data) is stored in secure storage served by one or more storage systems coupled to one or more security systems. Each security system is configured to transform unencrypted data (cleartext) generated by clients (or initiators) into encrypted data (ciphertext) destined for secure storage or “cryptainers” on the storage system (or target). As used herein, a cryptainer is a piece of storage on a storage device, such as a disk, in which the encrypted data is stored. In the context of a SAN environment, a cryptainer can be, e.g., a disk, a region on the disk or several regions on one or more disks that, in the context of a SAN protocol, is accessible as a lun. In the context of a NAS environment, the cryptainer may be a collection of files on one or more disks. Specifically, in the context of the CIFS protocol, the cryptainer may be a share, while in the context of the NFS protocol, the cryptainer may be a mount point.
Each cryptainer is associated with its own encryption key, e.g., a cryptainer key, which is used by the security system to encrypt and decrypt the data stored on the cryptainer. An encryption key is a code or number which, when taken together with an encryption algorithm, defines a unique transformation used to encrypt or decrypt data. Data remains encrypted while stored in a cryptainer until requested by an authorized client. At that time, the security system retrieves the encrypted data from the cryptainer, decrypts it and forwards the unencrypted data to the client.
As can be appreciated, a security system is a complex combination of hardware modules, software modules, etc. The various modules comprising the security system may occasionally suffer from an error condition due to, e.g., hardware failures, data corruption, improper configuration, etc. The probability of suffering an error condition increases over time as changes occur to the installation site due to, e.g., upgrades, expansion of systems, etc. An error condition may occur due to, e.g., user error, incorrect cabling, software errors and/or hardware failures. In response to detection of error conditions, the software modules typically utilize a conventional system logging module to maintain a system log (syslog) of error conditions. Should a major failure occur and the administrator of the security system request help from the security system vendor, typically a member of the technical support staff will need to examine the syslog to identify error messages that are relevant to the failure and to identify the cause of the failure. The technical support staff member may be required to examine a plurality of syslog files to identify potential causes. As certain improper configurations may result in hundreds or thousands of messages being logged per minute, the time required to perform a manual review of the syslog file, identify the cause(s) of the condition and identify a solution may be substantial. Furthermore, during the examination of the syslog file, the security system may need to be deactivated, thereby causing undesirable down time of the security system, with concomitant loss of access to encrypted data and/or loss of (de)encryption bandwidth.