The EMC Auditing wizard displays when you click Add on the EMC Auditing page. This wizard steps you through the process of creating a new EMC auditing template, specifying the EMC file server (CIFS) to be audited, the auditing scope and the agents to receive events.
The following table provides a description of the fields and controls in the EMC Auditing wizard:
Create or modify an EMC Auditing Template page: On the first page of the wizard, specify the EMC file server (CIFS) to auditand define the auditing scope. | |||||||||
Select the EMC file server (CIFS) from the list or enter the name of the EMC file server to audit. | |||||||||
Select one of the following options to define auditing for a file, folder or volume:
NOTE: Isilon file server auditing: When specifying a file path to be audited, you should use the file’s absolute path. Path values in Isilon events captured by Change Auditor are also represented in absolute paths. For example, if a share called ‘MyTestShare’ is sharing the path ‘\\isilon\ifs\test’, and you want to audit the file MyDoc.docx inside that share, add the path ‘ifs\test\MyDoc.docx’ in the auditing template.
NOTE: Isilon file server auditing: Volume auditing is not supported and should not be used.
Once you have entered the audit path to be audited, use the Add button to add it to the selection list. | |||||||||
Use the Add button to move the entry in the Audit Path text box to the selection list. NOTE: Even though you cannot edit the Audit Path when the All Volumes option is selected, you must still click Add to move it to the selection list. | |||||||||
Select an entry in the selection list and click Remove to remove it from the list. | |||||||||
When a Folder is selected, you can use the drop-down menu in the Scope field to change the scope of coverage for the folder.
| |||||||||
Events tab: Use the Events tab to select vital file and/or folder events. NOTE: The process for capturing ACL events is extremely slow. See Performance Considerations for more details on the process used to capture ACL events. | |||||||||
Select the file events to audit. Select the File Events check box to select all of the file events listed or select individual events from the list. | |||||||||
Select the folder events to audit. Select the Folder Events check box to select all of the folder events listed or select individual events from the list. | |||||||||
Inclusions tab: When the Folder, Volume or All Volumes option is selected in the Audit Path field and the Scope includes child objects, the Inclusions tab will be displayed allowing you to specify what in the selected audit path is to be audited. | |||||||||
Note: The slash (\) and double asterisk (**) characters can only be used with volumes. For example, entering * will include all folders and files in the selected audit path. See File/Folder Inclusion and Exclusion Examples for more file mask examples. Once you have specified the subfolders or files to be included, click Add to add it to the Inclusions list. | |||||||||
Use Add to move the entry in the text box to the Inclusions list. | |||||||||
Select an entry in the Inclusions list and click Remove to remove it. | |||||||||
Exclusions Tab (Optional): When the Folder, Volume or All Volumes option is selected in the Audit Path field and the Scope includes child objects, the Exclusions tab will be displayed allowing you to refine the settings defined on the Inclusions tab. That is, you can optionally specify the names and paths of any subfolders and files in the selected audit path that are to be excluded from auditing. | |||||||||
Add the names and paths of subfolders and files to exclude from auditing |
For example, entering *.log will exclude all files in the audit folder with the .log file extension. Whereas, entering **.log will exclude all files with the .log file extension found in the audit folder or in any subfolders. See File/Folder Inclusion and Exclusion Examples for more examples. You can also enter the name of an individual subfolder or file that is to be excluded from auditing. Once you have selected a subfolder or file to be excluded, select the appropriate Add button to add it to the Exclusions list. | ||||||||
Use one of the following Add commands to move the entry in the text box to the Exclusions list:
| |||||||||
Select an entry in the Exclusions list and click the Remove button to remove it. | |||||||||
Select Change Auditor agents page: Use this page to select the agents that are to receive the events captured on the selected EMC file server (CIFS).
| |||||||||
Click Add to assign one or more agents to the EMC Auditing template. | |||||||||
Click Remove to remove the selected agent from the list. | |||||||||
Click the Set Credentials button to enter the credentials to be used to access the selected EMC Control Station:
Click the Test button to validate the credentials entered. Once the credentials are validated, click OK to set the credentials as entered and close the dialog. | |||||||||
CEPP.CONF file page: If you have changed or added agents to your template, use this page to review the changes you are proposing to make to the cepp.conf file. This page displays the current and proposed cepp.conf files. In addition to viewing the current and proposed cepp.conf files, you can optionally make changes to the proposed cepp.conf file or deploy the proposed cepp.conf file on the selected EMC Control Station.
NOTE: Isilon file server auditing: This information is not required; click Finish to create the EMC Auditing template. | |||||||||
Click Update File to deploy the proposed configuration file on the EMC Control Station. | |||||||||
Click Check Status to run the following command to check the status of the cepp service: server_cepp <Data Mover Name> -pool -info | |||||||||
Click the Audit File button to enable or disable the auditing of the cepp.conf file for changes made by other third-party applications. Clicking this button displays the Configure cepp.conf Auditing dialog. To enable the auditing of this file, select the Enable Auditing check box and select a Change Auditor agent that is to poll for changes. Click OK to save your selections and close the dialog. | |||||||||
Displays the contents of the current cepp.conf file on the selected EMC Control Station. | |||||||||
2 |
Click Configuration. |
3 |
4 |
Click Configurations. |
7 |
Once you have set these settings, click OK to save your selections, close the dialog and return to the Agent Configuration page. |
8 |
On the Agent Configuration page, select the Change Auditor agent(s) assigned to the EMC Auditing template (Auditing appears in the EMC column) and click Refresh Configuration. |
Event logging is disabled by default. When enabled, only configured activities are sent to the EMC event log. See the Change Auditor for EMC Event Reference Guide for a list of the events that can be sent to the event log.
2 |
Click Configuration. |
3 |
Select Agent in the Configuration task list to display the Agent Configuration page. |
4 |
Click Event Logging. |
5 |
On the Event Logging dialog, select EMC Events. |
6 |
Click OK to save your selection and close the dialog. |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Termini di utilizzo Privacy Cookie Preference Center