Chat now with support
Chat with Support

Change Auditor 7.0.4 - Web Client User Guide

Install Change Auditor Web Client Web Client Overview Overview Page Shared Overviews Administration Page Searches Page Search Results Page Administration Tasks Page Configuration Tasks (Administration Tasks Page) Auditing Tasks (Administration Tasks Page) Protection Tasks (Administration Tasks Page) Change Auditor Client Comparison

NAS

The tasks under this heading are used to create auditing templates for NAS devices. After creating an EMC, Fluid File System, or NetApp auditing template, see Templates with defined agents for information on immediately enabling the auditing defined in these templates.

See the following administration task descriptions for more information:
EMC auditing
NetApp auditing
Fluid File System (FluidFS) auditing

EMC auditing

To enable EMC auditing, you must first create an EMC Auditing template for each EMC file server (CIFS) to be audited. Each auditing template defines the location of the EMC file server to be audited, the auditing scope, and the Change Auditor agents that are to receive the EMC events.

* 
NOTE: There can be only one EMC Auditing template per EMC file server (CIFS). If you want to audit multiple audit paths, use the same template to specify all the audit paths to be audited on the selected EMC file server.
EMC Auditing page

The EMC Auditing page is displayed when EMC is selected from the Auditing task list in the navigation pane of the Administration Tasks page, and contains an expandable view of all the EMC Auditing templates that have been previously defined. From this page you can launch the EMC Auditing wizard to specify the EMC file server (CIFS) to be audited, the auditing scope and the agents that are to receive the EMC events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

* 
NOTE: For more information, including a full description of the page, refer to the Quest Change Auditor for EMC User Guide.
To audit a file:
1
Open the Administration Tasks page.
2
Click Auditing.
3
Select EMC (under the NAS heading in the Auditing task list) to open the EMC Auditing page.
4
Click Add to launch the EMC Auditing wizard.
 
Table 42. EMC Auditing Wizard: File auditing
Page
Description
Procedure

Welcome

Specify the EMC File Server (CIFS) to be audited.
1
Select the EMC File Server (CIFS) from the drop-down list, or enter the NetBIOS name or IP address of the EMC file server (CIFS) to be audited.
2
Click Next.

File Path Selection (File)

Provide the name and path of a file(s) to be audited. Use the Events tab to select vital file events.
1
For the audit path, select File.
2
Enter the file name and path (i.e., <ShareName>\<Path>\<FileName>) to be audited.
Isilon file server auditing: When specifying a file path to be audited, you should use the file’s absolute path. Path values in Isilon events captured by Change Auditor are also represented in absolute paths. For example, if a share called ‘MyTestShare’ is sharing the path ‘\\isilon\ifs\test’, and you want to audit the file MyDoc.docx inside that share, add the path ‘ifs\test\MyDoc.docx’ in the auditing template.
Change Auditor uses the default ‘ifs’ share for Isilon file/folder permission change events. If you have renamed this share, please specify the new share name on this page to continue support for these events. To change the default ifs share name, click the "Isilion admin share name" link on the top right corner of the page.
3
Click Add to add it to the selection list.
4
On the Events tab, select individual file events to be audited or select the File Events check box to select all listed file events.
5
Click Next.

Agent Selection

Select the Change Auditor agents to be used to monitor the EMC file server.

If the Change Auditor agents are not already specified in the cepp.conf file (pool namesakes servers entry), use Set Credentials to provide the credentials and create the cepp.conf file.
1
Click Add to open the Eligible Change Auditor Agents dialog.
2
Select one or more agents from the list.
3
Click OK and continue to Step 8. If the list appears empty, click Cancel to return to the Agent Selection page.
4
If there are no Change Auditor agents available on the Eligible Change Auditor Agents dialog, click Set Credentials and enter the following information:
Control Station - IP address of the EMC Control Station.
User - user name of an account with Administrative rights on the EMC Control Station.
Password - password associated with the user name.
Data Mover - use the drop-down to select the Data mover that hosts the CIFS file server specified on the first wizard page.
5
Click Test to validate the credentials. Once the credentials have been validated, click OK.
6
Click Add to open the Eligible Change Auditor Agents dialog.
7
Select one or more agents from the list. Click OK.
8
Click Next.

Configuration

Review the proposed cepp.conf file.

(Optional) From this page you can also deploy the proposed configuration file, check the status of the cepp service and audit the cepp.conf file.
1
Review the proposed cepp.conf file.
2
(Optional) Click Update File to deploy the proposed configuration file on the EMC Control Station.
3
(Optional) Click Check Status to check the status of the cepp service.
4
(Optional) Click Audit File to enable/disable the auditing of the cepp.conf file for changes made to this configuration file by third-party applications.
5
Click Finish to save the template and close the wizard.
To audit a folder or volume:
1
Open the Administration Tasks page.
2
Click Auditing.
3
Select EMC (under the NAS heading in the Auditing task list) to open the EMC Auditing page.
4
Click Add to open the EMC Auditing wizard.
 
Table 43. EMC Auditing Wizard: Folder/Volume auditing
Page
Description
Procedure

Welcome

Specify the EMC File Server (CIFS) to be audited.
1
Select the EMC File Server (CIFS) from the drop-down list, or enter the NetBIOS name or IP address of the EMC file server (CIFS) to be audited.
2
Click Next.

File Path Selection (Folder/Volume/All Volumes)

Provide the name and path of a folders/volumes to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

NOTE: Volume names are case sensitive.
IMPORTANT: If you enter the name of a subfolder or file that is outside of the audited path, it will NOT be excluded from auditing.
1
For the audit path, select Folder, Volume or All Volumes.
2
If Folder is selected, enter the folder name and path (<ShareName>\<FolderName>) to audit, and click Add.
3
If Volume is selected, enter a volume name (<VolumeName>), and click Add.
4
If All Volumes is selected, click Add to add all volumes.
5
Click in the Scope cell to change the scope of coverage.
6
On the Events tab, select individual file and folder events to audit, or select the File Events and Folder Events check boxes to select all listed events.
7
On the Inclusions tab, enter a file mask to specify what is to be included in the audit using the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters.
Question mark (?) wildcard character to substitute a single character.
A double asterisk (**) to specify a recursive match. (find match in the folder and all subfolders in audit path).
Note: The slash (\) and double asterisk (**) characters can only be used with volumes.
Click Add to add it to the inclusion list.
8
(Optional) On the Exclusions tab, specify the names and paths of any subfolders or files to exclude. The file mask can contain any combination of the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters. Use a single asterisk (*) to specify a non-recursive match (i.e., find match in the folder only; does not match any slash characters (\)). Use a double asterisk (**) to specify a recursive match (i.e., find match in the folder and all subfolders in audit path; matches slash characters (\) and directory names in paths).
Question mark (?) wildcard character to substitute a single character. The ? wildcard character does not match slash (\) characters.
Use Add | Folder to exclude activity against any matching files/subfolders or Add | File to exclude activity against matching files.
9
Click Next.

Agent Selection

Select the agents to be used to monitor the EMC file server.

If the Change Auditor agents are not already specified in the cepp.conf file (pool name=quest servers entry), you will need to provide credentials.
1
Click Add to open the Eligible Change Auditor Agents dialog.
2
Select one or more agents from the list.
3
Click OK and continue to Step 8. If the list appears empty, click Cancel to return to the Agent Selection page.
4
If there are no agents available on the Eligible Change Auditor Agents dialog, click Set Credentials and enter the following information:
Control Station - IP address of the EMC Control Station.
User - user name of an account with Administrative rights on the EMC Control Station.
Password - password associated with the user name.
Data Mover - use the drop-down to select the Data mover that hosts the CIFS file server specified on the first wizard page.
5
Click Test to validate the credentials. Once the credentials have been validated, click OK.
6
Click Add to open the Eligible Change Auditor Agents dialog.
7
Select one or more agents from the list. Click OK.
8
Click Next.

Configuration

Review the proposed cepp.conf file.

(Optional) From this page you can also deploy the proposed configuration file, check the status of the cepp service and audit the cepp.conf file.
1
Review the proposed cepp.conf file.
2
(Optional) Click Update File to deploy the proposed configuration file on the EMC Control Station.
3
(Optional) Click Check Status to check the status of the cepp service.
4
(Optional) Click Audit File to enable/disable the auditing of the cepp.conf file for changes made to this configuration file by third-party applications.
5
Click Finish to save the template and close the wizard.

NetApp auditing

To enable NetApp filer auditing, you must first create a NetApp auditing template for each NetApp filer to be audited. Each auditing template defines the NetApp filer to be audited, the auditing scope, and the agents that are to receive the events.

* 
NOTE: There can be only one NetApp Auditing template per NetApp filer. Therefore, if you want to audit multiple audit paths, use the same template to specify the audit paths to be audited on the selected NetApp filer.
* 
NOTE: For NetApp 7-mode, you must enable TLS communication on the filer to allow secure communication with the Change Auditor client using the following command: options tls.enable on
* 
NOTE: NetApp events initiated through the NFS protocol are not supported.
NetApp auditing page

The NetApp Auditing page is displayed when NetApp is selected from the Auditing task list in the navigation pane of the Administration Tasks page. From this page you can open the NetApp Auditing wizard to specify the NetApp filer to audit, the auditing scope, and the agents that are to receive the NetApp events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

* 
NOTE: For more information, including a full description of the page, refer to the Quest Change Auditor for NetApp User Guide.
To audit a file:
1
Open the Administration Tasks page.
2
Click Auditing.
3
Select NetApp (under the NAS heading in the Auditing task list) to open the NetApp Auditing page.
4
Click Add to open NetApp Auditing wizard.
 
Table 44. NetApp Auditing Wizard: File auditing
Page
Description
Procedure

Welcome

Specify the NetApp filer to be audited.
1
Select the NetApp CIFS server from the drop-down menu. If the NetApp CIFS server not appear in the list, enter the server’s NetBIOS name.
2
File and folder auditing is supported in both 7-mode (non-cluster mode) and cluster mode. Select Detect filer mode to determine which mode you have deployed.

If you are operating in cluster mode, credentials must be set for all agents. The credentials set must be for users with ONTAPI access on the filer. Enter the credentials and click OK.
Once entered, Change Auditor verifies that the specified account can access the filer. If there is an issue, re-enter valid credentials and the verification will run again.
3
Click Next.

File Path Selection (File)

Provide the name and path of a files to be audited. Use the Events tab to select vital file events.
1
For the audit path, select File.
2
Enter the file name and path
(<ShareName>\<Path>\<FileName>) to audit and click Add to add it to the selection list.
3
On the Events tab, select individual file events to be audited or select the File Events check box to select all listed file events.
4
Click Next.

Agent Selection

Select the Change Auditor agents to be used to monitor the NetApp filer test.

(Optional) Supply NetApp filer credentials.
1
Click Add to open the Eligible Change Auditor Agents dialog. Select the agents to be used. (Use the Shift or Ctrl keys to select multiple agents.)
Click OK to close the dialog and add the agents to the selection list.
2
(Optional) If you did NOT add the agent accounts to the local Administrators group on the NetApp filer, select the agent from the list and click Set Credentials to enter the NetApp filer credentials.
Click Clear Credentials to clear any previously entered NetApp filer credentials for the selected agent.
3
Click Finish to save the template and close the wizard.

To audit a folder/volume:

1
Open the Administration Tasks page.
2
Click Auditing.
3
Select NetApp (under the NAS heading in the Auditing task list) to open the NetApp Auditing page.
4
Click Add to open the NetApp Auditing wizard.
 
Table 45. NetApp Auditing Wizard: Folder/Volume auditing
Page
Description
Procedure

Welcome

Specify the NetApp filer to be audited.
1
Select the NetApp CIFS server from the drop-down menu. If the NetApp CIFS server not appear in the list, enter the server’s NetBIOS name.
2
Click Next.

File Path Selection (Folder/
Volume/
All Volumes)

Provide the name and path of a folders/volumes to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

NOTE: Volume names are case sensitive.
IMPORTANT: If you enter the name of a subfolder or file that is outside of the audited path, it will NOT be excluded from auditing.
NOTE: The slash (\) and double asterisk (**) characters can only be used with volumes.
1
For the audit path, select Folder, Volume or All Volumes.
2
If Folder is selected, enter the folder name and path (<ShareName>\<FolderName>) to audit and click Add.
3
If Volume is selected, enter a volume (<VolumeName>) and click Add.
4
If All Volumes is selected, click Add.
5
Click in the Scope cell to change the scope of coverage.
6
On the Events tab, select individual file and folder events to be audited, or select the File Events and Folder Events check boxes to select all listed events.
7
On the Inclusions tab, enter a file mask to specify what is to be included in the audit using the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters.
Question mark (?) wildcard character to substitute a single character.
A double asterisk (**) to specify a recursive match. (find match in the folder and all subfolders in audit path).
Click Add to add it to the inclusion list.
8
(Optional) On the Exclusions tab, specify the names and paths of any subfolders or files to exclude. The file mask can contain any combination of the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters. Use a single asterisk (*) to specify a non-recursive match (i.e., find match in the folder only; does not match any slash characters (\)). Use a double asterisk (**) to specify a recursive match (i.e., find match in the folder and all subfolders in audit path; matches slash characters (\) and directory names in paths).
Question mark (?) wildcard character to substitute a single character. The ? wildcard character does not match slash (\) characters.
Use Add | Folder to exclude activity against any matching files/subfolders or Add | File to exclude activity against matching files.
9
Click Next.

Agent Selection

Select the agents to be used to monitor the NetApp filer test.

(Optional) Supply NetApp filer credentials.
1
Click Add to open the Eligible Change Auditor Agents dialog. Select the agents to be used. (Use the Shift or Ctrl keys to select multiple agents.)
Click OK to close the dialog and add the agent(s) to the selection list.
2
(Optional) If you did NOT add the agent accounts to the local Administrators group on the NetApp filer, select the agent from the list and click Set Credentials to enter the NetApp filer credentials.
Click Clear Credentials to clear any previously entered NetApp filer credentials for the selected agent.
3
Click Finish to save the template and close the wizard.

Fluid File System (FluidFS) auditing

To enable FluidFS auditing, you must first create an auditing template for each cluster to audit. Each auditing template defines the location of the cluster to be audited, the auditing scope, and the agents that are to receive the events.

* 
NOTE: There can be only one FluidFS auditing template per cluster. If you want to audit multiple audit paths, use the same template to specify all the audit paths to be audited on the selected cluster.
* 
NOTE: Auditing is supported only for the CIFS/SMB protocol. Events initiated through the NFS or FTP protocols are not supported.

Before you begin:
Verify that Dell Enterprise Manager (and Data Collector service) is properly installed and configured.
Verify that the FluidFS cluster you plan to audit is registered with Enterprise Manager.
Ensure you have Administrator rights to Enterprise Manager.
Ensure that the Change Auditor Configuration Service for Dell FluidFS is installed.

For installation and configuration details, see the Change Auditor for Fluid File System User Guide.

FluidFS auditing page

The FluidFS Auditing page displays when you select FluidFS from the Auditing task list in the navigation pane of the Administration Tasks tab. From this page you can open the FluidFS Auditing wizard to specify the FluidFS cluster to be audited, the auditing scope and the agents that are to receive the events. You can also edit existing templates, disable/enable templates, and remove templates that are no longer being used.

* 
NOTE: For more information, including a full description of the page, refer to the Quest Change Auditor for Fluid File System User Guide.
To audit a file:
1
Open the Administration Tasks page.
2
Click Auditing.
3
Select FluidFS (under the NAS heading in the Auditing task list) to open the FluidFS Auditing page.
4
Click Add to open the Auditing wizard.
 
Table 46. FluidFS Auditing Wizard
Page
Description
Procedure

Welcome

Specify the FluidFS cluster to be audited, and the credentials required to configure auditing.
1
Enter or select the FluidFS cluster name from the drop-down list to be audited.
NOTE: The drop-down list contains the clusters published in Active Directory.
NOTE: IP Addresses are not supported at this time.
To select a volume to be audited, you will need to enter the Change Auditor Configuration Service for Dell FluidFS location and an account that has administrative privileges to access Enterprise Manager. This allows the Coordinator to connect with the service and populate the list of available volumes to audit.
2
Click the Provide FluidFS Credentials button to be prompted for the credentials. The credentials are case sensitive.
3
Click Next.

File Path Selection

Provide the name and path of a volume to be audited. Use the available tabs to select specific events and file masks to audit. You can also exclude certain subfolders and files from auditing.

Use the Events tab to select vital events.
4
Enter the volume to audit and click Add to add it to the selection list.
5
On the Events tab, select individual file and folder events to be audited, or select the File Events and Folder Events check boxes to select all listed events.
6
On the Inclusions tab, enter a file mask to specify what is to be included in the audit using the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters.
Question mark (?) wildcard character to substitute a single character.
A double asterisk (**) to specify a recursive match. (find match in the folder and all subfolders in audit path).
7
Click the Add button to add it to the Included Names list.
8
On the Exclusions tab, specify the names and paths of any subfolders or files to exclude. The file mask can contain any combination of the following:
Fixed characters such as letters, numbers and other characters that are allowed in file names.
Asterisk (*) wildcard character to substitute zero or more characters. Use a single asterisk (*) to specify a non-recursive match (i.e., find match in the folder only; does not match any slash characters (\)). Use a double asterisk (**) to specify a recursive match (i.e., find match in the folder and all subfolders in audit path; matches slash characters (\) and directory names in paths).
Question mark (?) wildcard character to substitute a single character. The ? wildcard character does not match slash (\) characters.
9
Click Add and select File or Folder to add it to the exclusions list.
10
Click Next.

Agent Selection

Select the agents to be used to monitor the cluster.

NOTE: The domain of the configuration service must have a two-way trust with the domain of the auditing agent and trust the domain of the coordinator (one-way trust).
11
Click Add to open the Change Auditor Agents dialog. Select the agents to be used.
12
Click OK to close the dialog and add the agents to the selection list.

Encryption Settings

Turn encryption on to protect the data as it passes between the FluidFS cluster and the agents.

NOTE: Encryption settings are not maintained when a template is exported. You will need to re-configure this setting on any previously deleted templates after it has been imported.
NOTE: The domain of the coordinator must trust the domain of the specified user account (one-way trust).

 
13
To enable encryption, select Turn on encryption for auditing, click the Set credentials for encryption, and enter the service account credentials for the FluidFS cluster to use when encrypting events.
When required, you can turn off the encryption through the Enterprise Manager client. If you turn off encryption, you need to refresh Change Auditors’ configuration so that it is synchronized with the FluidFS cluster.
To refresh the configuration, save the FluidFS template after the change or run the Update-CAFluidFSConfiguration command. The FluidFS.Configuration.Service.PowerShell module is located in the install directory of the Change Auditor Configuration Service for Dell FluidFS.
14
Click Finish to save the template and close the wizard.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating