The EMC Auditing page displays when you select EMC from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can open the EMC Auditing wizard to specify the EMC file server (CIFS) to be audited, the auditing scope and the agents to receive the EMC events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.The EMC Auditing page contains an expandable view of all the EMC Auditing templates that have been previously defined. To add a new template to this list, use the Add tool bar button. Once added, the following information is provided for each template:
NOTE: Authorization to use the administration tasks on the Administrations Tasks tab is defined using the Application User Interface page under the Configuration task list. If you are denied access to the tasks on this page, refer to the Change Auditor User Guide for more information on how to gain access. |
1 |
Select View | Administration. |
2 |
Select Auditing. |
3 |
4 |
Click Add. |
• |
EMC File Server (CIFS) - Select the EMC file server (CIFS) from the drop-down list. Or enter the Netbios name or IP address of the EMC file server (CIFS) to be audited. |
• |
Audit Path - Select File. Enter a file name and path (i.e., <ShareName>\<Path>\<FileName>) to audit or click the browse button to locate and select a file. Click Add to move the specified audit path to the selection list. |
Volume auditing is not supported and should not be used. Select File or Folder as the Audit Path. |
• |
Events tab - Select the file events to audit for the file selected in the selection list. |
NOTE: Selecting the File Events check box at the top of the events list on the Events tab will select all of the events listed. Similarly, clearing this check box will clear all of the selected events. |
6 |
Click Next. |
• |
Click Add. |
NOTE: Isilon file server auditing: There is no need to enter the EMC Control Station credentials when configuring auditing on an Isilon server. Skip to Step 9. |
• |
Control Station - enter the IP address of the EMC Control Station. |
• |
User - enter the user name of an account with Administrative rights (required to create or modify the cepp.conf file) on the selected EMC Control Station. |
• |
Password - enter the password associated with the user name entered above. |
• |
Data Mover - select the data mover that hosts the CIFS file server specified on the first page of the wizard. |
• |
To deploy the proposed configuration file, click Update File. |
• |
To check the current status of the cepp service, click Check Status. |
• |
To audit the cepp.conf file checking for modifications made by another application, click Audit File. Select the Enable Auditing check box, review (and if necessary change) the polling interval, and select the Change Auditor agent to be used to poll this configuration file. Click OK to save your selections and close the dialog. |
9 |
10 |
On the Administration Tasks tab, click the Configuration task button. Select Agent to open the Agent Configuration page. |
11 |
To ensure the agents are using the latest configuration, select the Change Auditor agents assigned to the EMC Auditing template (Auditing appears in the EMC column) and click Refresh Configuration. |
1 |
Select View | Administration. |
2 |
Select Auditing. |
3 |
4 |
Click Add. |
• |
EMC File Server (CIFS) - Select the EMC file server (CIFS) from the drop-down list. Or enter the Netbios name or IP address of the EMC file server (CIFS) to be audited. |
• |
Audit Path - Select Folder. Enter a folder name and path (i.e., <ShareName>\<FolderName>) to audit or click the browse button to locate and select a folder. |
NOTE: Isilon file server auditing: When specifying file and folder paths to be audited, the file or folder’s absolute path should be used. Path values in Isilon events captured by Change Auditor are also represented in absolute paths. For example, if a share called ‘MyTestShare’ is sharing the path ‘\\isilon\ifs\test’, add the path ‘ifs\test’ in the auditing template to audit changes through the share. Change Auditor uses the default ‘ifs’ share for Isilon file/folder permission change events. If you have renamed this share, please specify the new share name on this page to continue support for these events. To change the default ifs share name, click the "Isilion admin share name" link on the top right hand corner of the page. |
6 |
By default, the scope of coverage for the selected folder will be This object and all child objects. However, you can change the scope, by selecting a different option from the drop-down box in the scope cell of the selection list: |
• |
This object only- select this option to audit only the selected folder, not its files or subfolders. |
• |
This object and child objects only - select this option to audit the selected folder and its direct files and subfolders. This is not recursive. |
• |
This object and all child objects - select this option to audit this folder and all of its files and subfolders. |
NOTE: Selecting the File Events or Folder Events check box at the top of the events list on the Events tab will select all of the events listed. Similarly, clearing these check boxes will clear all of the selected events. |
• |
Add | Folder - use this option to exclude activity against files/subfolders in any folders that match the exclusion string. |
• |
Add | File - use this option to exclude activity against any files that match the exclusion string. |
• |
Click Add. |
• |
NOTE: Isilon file server auditing: There is no need to enter the EMC Control Station credentials when configuring auditing on an Isilon server. Skip to Step 12. |
• |
Control Station - enter the IP address of the EMC Control Station. |
• |
User - enter the user name of an account with Administrative rights (rights to create or modify the cepp.conf file) on the selected EMC Control Station. |
• |
Password - enter the password associated with the user name entered above. |
• |
Data Mover - select the data mover that hosts the CIFS file server specified on the first page of the wizard. |
• |
To deploy the proposed configuration file, click Update File. |
• |
To check the current status of the cepp service, click Check Status. |
• |
To audit the cepp.conf file checking for modifications made by another application, click Audit File. Select the Enable Auditing check box, review (and if necessary change) the polling interval, and select the Change Auditor agent to be used to poll this configuration file. Click OK to save your selections and close the dialog. |
12 |
Click Finish to close the wizard and create the EMC Auditing template. |
13 |
On the Administration Tasks tab, click Configuration. Select Agent in the Configuration task list to open the Agent Configuration page. |
14 |
Select the agents assigned to the EMC Auditing template (Auditing appears in the EMC column) and click Refresh Configuration to ensure the agents are using the latest configuration. |
NOTE: Isilon file server auditing: Volume auditing is not support and should not be used. |
1 |
• |
EMC File Server (CIFS) - Select the EMC file server (CIFS) from the drop-down list. Or enter the Netbios name or IP address of the EMC file server (CIFS) to be audited. |
• |
Audit Path - Select Volume. Enter a volume name (i.e., <VolumeName>) to be audited or click the browse button to locate and select a volume. |
3 |
By default, the scope of coverage for the selected volume will be This object and all child objects, which cannot be changed. |
NOTE: Selecting the File Events or Folder Events check box at the top of the events list on the Events tab will select all of the events listed. Similarly, clearing these check boxes will clear all of the selected events. |
• |
Add | Folder - use this option to exclude activity against files/subfolders in any folders that match the exclusion string. |
• |
Add | File - use this option to exclude activity against any files that match the exclusion string. |
7 |
• |
Click Add. |
• |
• |
Control Station - enter the IP address of the EMC Control Station. |
• |
User - enter the user name of an account with Administrative rights (rights to create or modify the cepp.conf file) on the selected EMC Control Station. |
• |
Password - enter the password associated with the user name entered above. |
• |
Data Mover - select the data mover that hosts the CIFS file server specified on the first page of the wizard. |
• |
To deploy the proposed configuration file, click Update File. |
• |
To check the current status of the cepp service, click Check Status. |
• |
To audit the cepp.conf file checking for modifications made by another application, click Audit File. Select the Enable Auditing check box, review (and if necessary change) the polling interval, and select the Change Auditor agent to be used to poll this configuration file. Click OK to save your selections and close the dialog. |
9 |
Click Finish to close the wizard and create the template. |
10 |
On the Administration Tasks tab, click Configuration. Select Agent in the Configuration task list to open the Agent Configuration page. This will ensure the agents are using the latest configuration. |
11 |
Select the Change Auditor agents assigned to the EMC Auditing template (Auditing appears in the EMC column) and click Refresh Configuration. |
• |
Place your cursor in the Status cell for the template to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the auditing template, use the Enable option in either the Status cell or right-click menu. |
• |
Place your cursor in the Status cell for the audit path to be disabled, click the arrow control and select Disabled. |
2 |
To re-enable the auditing of an audit path, use the Enable option in either the Status cell or right-click menu. |
1 |
On the Auditing page, select the template to be deleted and click Delete | Delete Template. |
1 |
On the Auditing page, select the audit path to be deleted and click Delete | Delete File Path. |
2 |
1 |
On the Auditing page, select the agent to be deleted and click Delete | Delete Agent. |
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center