This post is more than 5 years old
96 Posts
0
2042
re-allocate clar_r5_perofrmance pool - WINNT file system
The performance of our file systems on SATA is quite acceptable.
We have a storage pool on high performace drives. We would like to use it for SAN. It resides on two 4+1 RAID groups.
There is a WINNT file system on this storage pool. Is this one of the Celerra defaults?
If so, can it be moved?
Thanks...
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
June 7th, 2012 14:00
Take a look at this solution: emc69252
Rainer_EMC
8.6K Posts
0
May 23rd, 2012 18:00
If you mean the system LUNs - then no
landog1
96 Posts
0
June 7th, 2012 11:00
I do not mean the system LUNs.
There are Windows Security Event Logs visible in Windows Computer Management on this particular Celerra. The Event logs are stored on the WINNT file system. This file system holds just the security.evt file in the path: \WINNT\system32\config
Rainer_EMC
8.6K Posts
0
June 7th, 2012 12:00
I would suggest to contact your local EMC PS or CS guy
It sounds like you are referring the the Celerra CIFS servers event logs
These can be moved – see the CIFS manual
However they are by default on the rootfs of the data mover.
In order to move that you need to work directly with EMC support.
Rainer
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
June 7th, 2012 13:00
very well could be, to feed data form security logs to varonis application. What is the mount point name of that file system ?
Rainer_EMC
8.6K Posts
0
June 7th, 2012 13:00
If that was case – then by understanding the CIFS event relocation procedure in the CIFS manual and looking at the registry it could be confirmed
Takes some work though – more than just posting very little info on the forum
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
June 7th, 2012 13:00
yep, it was increased so that it would not overwrite itself so often ..an in order to increase it you have to move it to an external file system.
landog1
96 Posts
0
June 7th, 2012 13:00
When I asked EMC Support about them, they said I had to purchase consulting.
I have this file system on one of our Celerras - and not the other. I'm not sure how it got there.
Thanks...
Rainer_EMC
8.6K Posts
0
June 7th, 2012 13:00
Without more details – like what its called, where its mounted, size … - there isn’t much more I can advise
Didn’t you configure your system yourself ?
Rainer_EMC
8.6K Posts
0
June 7th, 2012 13:00
Everything is possible
If you dont know the time or knowledge to at least investigate and post a couple of CLI outputs then you probably need to turn to professional service
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
June 7th, 2012 13:00
did somebody create this file system so they could relocate security logs from the default location ?
landog1
96 Posts
0
June 7th, 2012 13:00
I wish I knew the history - or why it is on my NS-20 and not our NS-120.
Are Windows Security Event logs typically available on a Celerra?
Is it possible that this was created for a Varonis demo??
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
1
June 7th, 2012 13:00
this looks like somebody created this manually. Can you right click on my computer, manage, point to the cifs server. Once connected to the cifs server, right click on security even log and look at its properties. I have a feeling it will be pointing to this /winnt file system.
landog1
96 Posts
0
June 7th, 2012 13:00
FS name: WINNT
mount point: /WINNT
size: 100MB
contains one file: "security.evt" in the path: \WINNT\system32\config
I have seen some online references to a "Celerra MS Event Viewer snap-in" - but I do not know where to get that (or even if it is what we need). EMC support referenced the CelerraCifsMgmt program in the Tools&Apps CD. I installed that on my computer, but all it seemed to do was to put a program Clerra UNIX Attributes Source Location program on my computer:
I was not part of this department when the NS-20 was installed, and a former co-worker had also set up the Varonis demo (we did not purchase Varonins).
Thanks.
landog1
96 Posts
0
June 7th, 2012 13:00
Yes, indeeed.
in computer management, the security event log location is:
on the NS-20: \\ cifs01\c$\winnt\system32\config\security.evt
on the NS-120: \\ cifs02\c$\security.evt
The only event log I can view in computer management is the security log on the NS-20.
On both systems, there are application.evt, security.evt and system.evt files each 96 bytes in size in the root of c$
On the NS-20 there is a 10MB security.evt file in \c$\winnt\system32\config