re-allocate clar_r5_perofrmance pool - WINNT file system

If you mean the system LUNs - then no

I do not mean the system LUNs.

There are Windows Security Event Logs visible in Windows Computer Management on this particular Celerra.  The Event logs are stored on the WINNT file system.  This file system holds just the security.evt file in the path:  \WINNT\system32\config

I would suggest to contact your local EMC PS or CS guy

It sounds like you are referring the the Celerra CIFS servers event logs

These can be moved – see the CIFS manual

However they are by default on the rootfs of the data mover.

In order to move that you need to work directly with EMC support.

Rainer

very well could be, to feed data form security logs to varonis application. What is the mount point name of that file system ?

If that was case – then by understanding the CIFS event relocation procedure in the CIFS manual and looking at the registry it could be confirmed

Takes some work though – more than just posting very little info on the forum

yep, it was increased so that it would not overwrite itself so often ..an in order to increase it you have to move it to an external file system.

When I asked EMC Support about them, they said I had to purchase consulting.

I have this file system on one of our Celerras - and not the other.   I'm not sure how it got there.

Thanks...

Without more details – like what its called, where its mounted, size … - there isn’t much more I can advise

Didn’t you configure your system yourself ?

Everything is possible

If you dont know the time or knowledge to at least investigate and post a couple of CLI outputs then you probably need to turn to professional service

did somebody create this file system so they could relocate security logs from the default location ?

I wish I knew the history - or why it is on my NS-20 and not our NS-120.

Are Windows Security Event logs typically available on a Celerra?

Is it possible that this was created for a Varonis demo??

this looks like somebody created this manually. Can you right click on my computer, manage, point to the cifs server. Once connected to the cifs server, right click on security even log and look at its properties. I have a feeling it will be pointing to this /winnt file system.

FS name:  WINNT

mount point: /WINNT

size:  100MB

contains one file: "security.evt"  in the path:  \WINNT\system32\config

I have seen some online references to a "Celerra MS Event Viewer snap-in" - but I do not know where to get that (or even if it is what we need).  EMC support referenced the CelerraCifsMgmt program in the Tools&Apps CD.  I installed that on my computer, but all it seemed to do was to put a program Clerra UNIX Attributes Source Location program on my computer:

I was not part of this department when the NS-20 was installed, and a former co-worker had also set up the Varonis demo (we did not purchase Varonins).

Thanks.

Yes, indeeed.

in computer management, the security event log location is:

on the NS-20: \\ cifs01\c$\winnt\system32\config\security.evt 

on the NS-120: \\ cifs02\c$\security.evt

The only event log I can view in computer management is the security log on the NS-20.

On both systems, there are application.evt, security.evt and system.evt files each 96 bytes in size in the root of c$

On the NS-20 there is a 10MB security.evt file in \c$\winnt\system32\config