Chat now with support
Chat with Support

Change Auditor 7.0.4 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

NAS

The tasks under this heading are used to create auditing templates for NAS devices. After creating an EMC, Fluid File System, or NetApp auditing template, see Templates with defined agents for information on immediately enabling the auditing defined in these templates.

See the following administration task descriptions for more information:

EMC auditing

To enable EMC auditing, you must first create an EMC Auditing template for each EMC file server (CIFS) to be audited. Each auditing template defines the location of the EMC file server to be audited, the auditing scope, and the Change Auditor agents that are to receive the EMC events.

The EMC Auditing page is displayed when EMC is selected from the Auditing task list in the navigation pane of the Administration Tasks page, and contains an expandable view of all the EMC Auditing templates that have been previously defined. From this page you can launch the EMC Auditing wizard to specify the EMC file server (CIFS) to be audited, the auditing scope and the agents that are to receive the EMC events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

2
Click Auditing.
3
Select EMC (under the NAS heading in the Auditing task list) to open the EMC Auditing page.
4
Click Add to launch the EMC Auditing wizard.

Welcome

Specify the EMC File Server (CIFS) to be audited.

2
Click Next.

File Path Selection (File)

Provide the name and path of a file(s) to be audited. Use the Events tab to select vital file events.

2
Enter the file name and path (i.e., <ShareName>\<Path>\<FileName>) to be audited.
Isilon file server auditing: When specifying a file path to be audited, you should use the file’s absolute path. Path values in Isilon events captured by Change Auditor are also represented in absolute paths. For example, if a share called ‘MyTestShare’ is sharing the path ‘\\isilon\ifs\test’, and you want to audit the file MyDoc.docx inside that share, add the path ‘ifs\test\MyDoc.docx’ in the auditing template.
3
Click Add to add it to the selection list.
4
On the Events tab, select individual file events to be audited or select the File Events check box to select all listed file events.
5
Click Next.

Agent Selection

Select the Change Auditor agents to be used to monitor the EMC file server.

If the Change Auditor agents are not already specified in the cepp.conf file (pool namesakes servers entry), use Set Credentials to provide the credentials and create the cepp.conf file.

1
Click Add to open the Eligible Change Auditor Agents dialog.
3
Click OK and continue to Step 8. If the list appears empty, click Cancel to return to the Agent Selection page.
Control Station - IP address of the EMC Control Station.
User - user name of an account with Administrative rights on the EMC Control Station.
Password - password associated with the user name.
Data Mover - use the drop-down to select the Data mover that hosts the CIFS file server specified on the first wizard page.
5
Click Test to validate the credentials. Once the credentials have been validated, click OK.
6
Click Add to open the Eligible Change Auditor Agents dialog.
8
Click Next.

Configuration

Review the proposed cepp.conf file.

(Optional) From this page you can also deploy the proposed configuration file, check the status of the cepp service and audit the cepp.conf file.

2
(Optional) Click Update File to deploy the proposed configuration file on the EMC Control Station.
3
(Optional) Click Check Status to check the status of the cepp service.
4
(Optional) Click Audit File to enable/disable the auditing of the cepp.conf file for changes made to this configuration file by third-party applications.
5
Click Finish to save the template and close the wizard.
2
Click Auditing.
3
Select EMC (under the NAS heading in the Auditing task list) to open the EMC Auditing page.
4
Click Add to open the EMC Auditing wizard.

Welcome

Specify the EMC File Server (CIFS) to be audited.

2
Click Next.

File Path Selection (Folder/Volume/All Volumes)

Provide the name and path of a folders/volumes to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

1
For the audit path, select Folder, Volume or All Volumes.
2
If Folder is selected, enter the folder name and path (<ShareName>\<FolderName>) to audit, and click Add.
3
If Volume is selected, enter a volume name (<VolumeName>), and click Add.
4
If All Volumes is selected, click Add to add all volumes.
5
Click in the Scope cell to change the scope of coverage.
6
On the Events tab, select individual file and folder events to audit, or select the File Events and Folder Events check boxes to select all listed events.
Note: The slash (\) and double asterisk (**) characters can only be used with volumes.
Click Add to add it to the inclusion list.
Use Add | Folder to exclude activity against any matching files/subfolders or Add | File to exclude activity against matching files.
9
Click Next.

Agent Selection

Select the agents to be used to monitor the EMC file server.

If the Change Auditor agents are not already specified in the cepp.conf file (pool name=quest servers entry), you will need to provide credentials.

1
Click Add to open the Eligible Change Auditor Agents dialog.
3
Click OK and continue to Step 8. If the list appears empty, click Cancel to return to the Agent Selection page.
Control Station - IP address of the EMC Control Station.
User - user name of an account with Administrative rights on the EMC Control Station.
Password - password associated with the user name.
Data Mover - use the drop-down to select the Data mover that hosts the CIFS file server specified on the first wizard page.
5
Click Test to validate the credentials. Once the credentials have been validated, click OK.
6
Click Add to open the Eligible Change Auditor Agents dialog.
8
Click Next.

Configuration

Review the proposed cepp.conf file.

(Optional) From this page you can also deploy the proposed configuration file, check the status of the cepp service and audit the cepp.conf file.

2
(Optional) Click Update File to deploy the proposed configuration file on the EMC Control Station.
3
(Optional) Click Check Status to check the status of the cepp service.
4
(Optional) Click Audit File to enable/disable the auditing of the cepp.conf file for changes made to this configuration file by third-party applications.
5
Click Finish to save the template and close the wizard.

NetApp auditing

To enable NetApp filer auditing, you must first create a NetApp auditing template for each NetApp filer to be audited. Each auditing template defines the NetApp filer to be audited, the auditing scope, and the agents that are to receive the events.

The NetApp Auditing page is displayed when NetApp is selected from the Auditing task list in the navigation pane of the Administration Tasks page. From this page you can open the NetApp Auditing wizard to specify the NetApp filer to audit, the auditing scope, and the agents that are to receive the NetApp events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

2
Click Auditing.
3
Select NetApp (under the NAS heading in the Auditing task list) to open the NetApp Auditing page.
4
Click Add to open NetApp Auditing wizard.

Welcome

Specify the NetApp filer to be audited.

2
File and folder auditing is supported in both 7-mode (non-cluster mode) and cluster mode. Select Detect filer mode to determine which mode you have deployed.

If you are operating in cluster mode, credentials must be set for all agents. The credentials set must be for users with ONTAPI access on the filer. Enter the credentials and click OK.
3
Click Next.

File Path Selection (File)

Provide the name and path of a files to be audited. Use the Events tab to select vital file events.

2
Enter the file name and path
(<
ShareName>\<Path>\<FileName>) to audit and click Add to add it to the selection list.
3
On the Events tab, select individual file events to be audited or select the File Events check box to select all listed file events.
4
Click Next.

Agent Selection

Select the Change Auditor agents to be used to monitor the NetApp filer test.

(Optional) Supply NetApp filer credentials.

1
Click Add to open the Eligible Change Auditor Agents dialog. Select the agents to be used. (Use the Shift or Ctrl keys to select multiple agents.)
Click OK to close the dialog and add the agents to the selection list.
Click Clear Credentials to clear any previously entered NetApp filer credentials for the selected agent.
3
Click Finish to save the template and close the wizard.

To audit a folder/volume:

2
Click Auditing.
3
Select NetApp (under the NAS heading in the Auditing task list) to open the NetApp Auditing page.
4
Click Add to open the NetApp Auditing wizard.

Welcome

Specify the NetApp filer to be audited.

2
Click Next.

File Path Selection (Folder/
Volume/
All Volumes)

Provide the name and path of a folders/volumes to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

1
For the audit path, select Folder, Volume or All Volumes.
2
If Folder is selected, enter the folder name and path (<ShareName>\<FolderName>) to audit and click Add.
3
If Volume is selected, enter a volume (<VolumeName>) and click Add.
4
If All Volumes is selected, click Add.
5
Click in the Scope cell to change the scope of coverage.
6
On the Events tab, select individual file and folder events to be audited, or select the File Events and Folder Events check boxes to select all listed events.
Click Add to add it to the inclusion list.
Use Add | Folder to exclude activity against any matching files/subfolders or Add | File to exclude activity against matching files.
9
Click Next.

Agent Selection

Select the agents to be used to monitor the NetApp filer test.

(Optional) Supply NetApp filer credentials.

1
Click Add to open the Eligible Change Auditor Agents dialog. Select the agents to be used. (Use the Shift or Ctrl keys to select multiple agents.)
Click OK to close the dialog and add the agent(s) to the selection list.
Click Clear Credentials to clear any previously entered NetApp filer credentials for the selected agent.
3
Click Finish to save the template and close the wizard.

Fluid File System (FluidFS) auditing

To enable FluidFS auditing, you must first create an auditing template for each cluster to audit. Each auditing template defines the location of the cluster to be audited, the auditing scope, and the agents that are to receive the events.

Before you begin:

For installation and configuration details, see the Change Auditor for Fluid File System User Guide.

The FluidFS Auditing page displays when you select FluidFS from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can open the FluidFS Auditing wizard to specify the FluidFS cluster to be audited, the auditing scope and the agents that are to receive the events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

NOTE: For more information, including a full description of the page, refer to the Quest Change Auditor for Fluid File System User Guide.
2
Click Auditing.
3
Select FluidFS (under the NAS heading in the Auditing task list) to open the FluidFS Auditing page.
4
Click Add to open the Auditing wizard.

Welcome

Specify the FluidFS cluster to be audited, and the credentials required to configure auditing.

2
Click the Provide FluidFS Credentials button to be prompted for the credentials. The credentials are case sensitive.
3
Click Next.

File Path Selection

Provide the name and path of a volume to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

Use the Events tab to select vital events.

4
Enter the volume to audit and click Add to add it to the selection list.
5
On the Events tab, select individual file and folder events to be audited, or select the File Events and Folder Events check boxes to select all listed events.
7
Click the Add button to add it to the Included Names list.
9
Click Add and select File or Folder to add it to the exclusions list.
10
Click Next.

Agent Selection

Select the agents to be used to monitor the cluster.

11
Click Add to open the Change Auditor Agents dialog. Select the agents to be used.
12
Click OK to close the dialog and add the agents to the selection list.

Encryption Settings

Turn encryption on to protect the data as it passes between the FluidFS cluster and the agents.

 

13
To enable encryption, select Turn on encryption for auditing, click the Set credentials for encryption, and enter the service account credentials for the FluidFS cluster to use when encrypting events.
14
Click Finish to save the template and close the wizard.
Related Documents