Chat now with support
Chat mit Support

Change Auditor for Fluid File System 7.2 - User Guide

FluidFS Auditing templates

To enable FluidFS auditing, you must first create an auditing template for each cluster to audit. Each auditing template defines the location of the cluster to be audited, the auditing scope, and the agents that are to receive the events.

2
On the Administration Tasks tab, click Configuration and select Agent in the Configuration task list to open the Agent Configuration page.
Select the Change Auditor agents assigned to the FluidFS template and click Refresh Configuration to ensure the agents are using the latest configuration.To disable an auditing template:

The disable feature allows you to temporarily stop auditing the specified volume without having to remove the auditing template or individual volume from a template.

Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled.
The entry in the Status column for the template will change to ‘Disabled’.
2
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu.

FluidFS Auditing wizard

The FluidFS Auditing wizard displays when you click the Add tool bar button on the FluidFS Auditing page. This wizard steps you through creating a new FluidFS auditing template, specifying the volume to audit, and configuring the agents to receive the events.

The following table provides a description of the fields and controls in the FluidFS Auditing wizard.

Create or modify a FluidFS Auditing Template page: On the first page of the wizard, specify the FluidFS cluster to audit and define the auditing scope.

FluidFS cluster

Enter or select the FluidFS cluster from the drop-down list to be audited.

Volume

To select or enter a volume to be audited, you must enter the Change Auditor Configuration Service for Dell FluidFS location and an account that has administrative privileges to access Enterprise Manager. This allows the Coordinator to connect with the service and populate the list of available volumes to audit. The credentials are case sensitive.

Add

Use to move the volume to the selection list.

Remove

Select an entry in the selection list and click Remove to remove it from the list.

Events tab

Use the Events tab to select vital file and/or folder events.

File Events

Select the file events to audit. Select the File Events check box to select all of the file events listed or select individual events from the list.

Folder Events

Select the folder events to audit. Select the Folder Events check box to select all of the folder events listed or select individual events from the list.

Inclusions tab

Use the Inclusions tab to specify what in the selected volume will be audited.

Add the names of subfolders and files to audit

Enter a file mask to specify what in the volume to audit. The file mask can contain any combination of the following:

For example, entering * will include all folders and files in the selected audit path. See File/Folder Inclusion and Exclusion Examples for more file mask examples.

You can also enter the name of an individual subfolder or file that is to be included. However, if you enter the name of a subfolder, you will only receive events for operations performed against the specified subfolder. You will NOT receive events for operations performed against any child objects under the specified subfolder.

Once you have specified the subfolders or files to be included, click Add to add it to the Inclusions list.

Inclusions list

The list across the bottom of this page contains the subfolders and files selected for auditing. Use the buttons to the right of the text box to add and remove entries.

Add

Use to move the entry in the text box to the Inclusions list.

Remove

Select an entry in the Inclusions list and click Remove to remove it.

Exclusions Tab (Optional)

The Exclusions tab allows you to refine the settings defined on the Inclusions tab. That is, you can optionally specify the names and paths of any subfolders and files in the selected volume to exclude from auditing.

Add the names and paths of subfolders and files to exclude from auditing

Enter a file mask to specify the name and path of subfolders and files to be excluded from auditing. The file mask can contain any combination of the following:

For example, entering *.log will exclude all files in the audit folder with the .log file extension. Whereas, entering **.log will exclude all files with the .log file extension found in the audit folder or in any subfolders.

See File/Folder Inclusion and Exclusion Examples for more examples.

You can also enter the name of an individual subfolder or file that is to be excluded from auditing.

Once you have selected a subfolder or file to be excluded, select the appropriate Add button to add it to the Exclusions list.

Exclusions list

The list across the bottom of this page contains the folders, files and masks that are to be excluded from auditing. Use the buttons to the right of the text box to add and remove entries.

Add

Use one of the following Add commands to move the entry in the text box to the Exclusions list:

Add | Folder - use this option to exclude activity against files/subfolders in any folders that match the exclusion string.
Add | File - use this option to exclude activity against any files that match the exclusion string.

Remove

Select an entry in the Exclusions list and click Remove to remove it.

Select Change Auditor agents page: Use this page to select the Change Auditor agents that are to receive the events captured on the selected FluidFS cluster.

Add

Click Add to assign one or more Change Auditor agents to the FluidFS auditing template.

Selecting this button displays the eligible Change Auditor Agents dialog. From this dialog, select one or more agents and then click OK.

Remove

Click Remove to remove the selected agent from the list.

Change Auditor Agent list

The list across the bottom of the page lists the Change Auditor agents selected to capture events from the selected FluidFS cluster.

(Optional) Encryption settings page:

Turn encryption on to protect the data as it passes between the FluidFS cluster and the agents.

Refresh status

Click Refresh status to see the encryption status.

Turn on encryption for auditing

To enable encryption, select Turn on encryption for auditing, click the Set credentials for encryption, and enter the service account credentials for the FluidFS cluster to use when encrypting events.

FluidFS event logging

In addition to real-time event auditing, you can enable event logging to capture FluidFS events locally in a Windows event log. This event log can then be collected using InTrust™ to satisfy long-term storage requirements.

Event logging is disabled by default. When enabled, only configured activities are sent to the Change Auditor for FluidFS event log. See the Change Auditor for Fluid File System Event Reference Guide for a list of the events that can be sent to the event log.

2
Click Configuration.
3
Select Agent in the Configuration task list to display the Agent Configuration page.
4
Click the Event Logging tool bar button.
6
Click OK to save your selection and close the dialog.

FluidFS Searches/Reports

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen