Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

tzvb23

19 Posts

1253

April 4th, 2014 08:00

Celerra AV File Scanning Visibility?

I frequently receive low water mark and high water mark error messages from our datamovers.

Mar 21 07:39:22 2014 DART:VC:ERROR:2 Slot 2: 1395409154: Vnode  high water mark reached.


Is there a way to observe the file scanning activity in real-time or view historical statistics?

I'd like to use this information to establish a more accurate AV exclusion file for the datamovers.

Thanks!

Environment Overview

  • 4x datamovers running v7.1.71 DART, 24 CIFS filesystems, 30TB of unstructured data.
  • 7x scan servers, McAfee v8.8, and VEE v4.9.3 (upgrading to CEE v6.3.1 this month)
  • virus checker configuration file settings: (We're aware that EMC doesn't recommend masks=*.* our security team requires it)

masks=*.*

excl=*.ldb:*.mad:*.maf:*.mam:*.maq:*.mar:*.mat:*.mda:*.mdb:*.mde:*.mdn:*.mdw:*.mdz

excl=*.inp:*.orc:*.sc:*.sqc:*.sql:*.sqr

excl=*.edb:*.ost:*.pst:*.stm

excl=*.db:*.dbf:*.gdb:*.fmt:*.fmb:*.fmx:*.frm:*.ora

excl=*.bz:*.gz:*.rar:*.tgz:*.tar:*.zip:*.Z

excl=*.adl:*.gdbtable:*.gdbindexes:*.gdbtablx:*.lock:*.prj:*.sbn:*.sbx:*.shp:*.shx

excl=*.index:*.db-journal:*.log:*.nsf:*.tmp:*.vmdk:>>>>>>>>:~$*.*:*.dbx-journal

BillStein-Dell

Moderator

 • 

284 Posts

April 4th, 2014 09:00

Enable debug logging.  There are two ways to do that, either from the Data Mover or from the scan engine.  Ideally, you want to watch the interaction between the Data Mover and the scan engine while it is taking place.  This KB article discusses the steps here in detail, and also discusses how to enable debug logging on the scan engine which I won't go into here, but to enable it on the Data Mover, enter the following:

$ server_param server_X -f viruschk -m Traces -v 0xC0000004

Once debug logging is enabled, all interactions between the Data Mover and the scan engines will be logged to the server log.  To watch it in real time, enter the following:

$ server_log server_X -s -f &

Notice that I sent the command to the background so that you can continue to work.  You could also add something to stream it to a log instead of the screen, like this:

$ server_log server_X -s -f > slog2.out &

To kill the log streaming, enter:

$ kill -9 %1

To disable verbose logging, enter the following:

$ server_param server_X -f viruschk -m Traces -v 0

tzvb23

19 Posts

April 8th, 2014 06:00

Thank you for the quick reply!

I'm going to automate this on the control station.

So we get an email whenever the low water mark is exceeded so we can see which files are being scnned.

Rainer_EMC

8.6K Posts

April 8th, 2014 07:00

Just be careful that you don’t keep the system too busy with logging and flood the logs

tzvb23

19 Posts

April 8th, 2014 08:00

Is there a way to have the datamovers redirect cretain log facilites to a dedicated file?

It would be nice if that was configurable like syslog is on *nix systems.

The format of the viruschk debug messages is different than the default entries, which makes it difficult to parse.

Thanks.

Rainer_EMC

8.6K Posts

April 8th, 2014 13:00

Not a general way.

Anything that is considered an event is delivered to the control station and can be acted upon.

The fact that the data mover logs live on space directly accessed by the DM was a design decision so that it can uses its logs even if the control station or any of its networks aren’t available.

View More

View All

No Events found!

Top