April 12th, 2016 06:00

File Auditing in isilon

Hello Folks,

I got a request from the business asking about one user's "read / write" activity on an Isilon SMB share.

We have a 9-node cluster in our environment with auditing capability. Can someone take me through the step-by-step procedure to check whether the user did any reads or writes on a folder in a specific time frame (April 1st - till date)?

20.4K Posts

April 12th, 2016 07:00

Explore the isi_audit_viewer command.

121 Posts

April 12th, 2016 09:00

Thanks dynamox,

When I try to explore the above-mentioned command, I am not getting any output or help for the syntax. I am getting the output "done".

Any idea what this means?

121 Posts

April 12th, 2016 09:00

Thanks,

Can you get me the guide where I can find the auditing commands with examples? Since I am new to this array, I need the doc. Thank you very much for your support!!

104 Posts

April 12th, 2016 09:00

Sathish_Chanti,

"isi_" commands are considered internal (Support commands) and have no documentation beyond the --help page supplied from the CLI.

The only two exceptions I can find are isi_for_array and isi_gather_info; these two commands have outlines in the CLI Admin guide for the respective OneFS version.

milpool-2# isi_audit_viewer --help
isi_audit_viewer: illegal option -- -
Usage: isi_audit_viewer [ -n | -t | -s |
         -e | -v ]
         -n : Specify node id to browse (default: local node)
         -t   : Choose topic to browse.
            Topics are "config" and "protocol" (default: "config")
         -s   : Browse audit logs starting at
         -e     : Browse audit logs ending at
         -v verbose  : Prints out start / end time range before printing
             records
            Start and End times are expressable as a
             date format "YYYY-MM-DD HH:MM:SS", where
             fields represent year/month/day/hours/minutes/seconds.
            Time can also be expressed as HH:MM:SS;
             in this case the date is set to the current day.
            Time prefixes can also be used, in which case missing values are
             assumed to be 0.
             E.g. "05:15" represents "05:15:00".
            If not specified, end time defaults to now and
             start time to 24 hours before end time.

Keep in mind these audit logs are held per node, so running the isi_audit_viewer command on node 1 for someone connected to node 3 will not yield any results.
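Since the records are held per node, the original question comes down to gathering "protocol" topic records from every node for the time frame and then filtering them by user, event type and folder. The Python sketch below is an added example, not part of the thread and not Isilon tooling; the line layout (node name prefix followed by a JSON record), the field names userSID, eventType and fileName, the microsecond timestamp, and the SIDs, paths and node names other than milpool-2 are assumptions or constructed sample values.

```python
import json
from datetime import datetime, timezone

UTC = timezone.utc
TARGET_SID = "S-1-5-21-1-2-3-1105"  # constructed SID for the user under review

def _line(node, ts_us, event, sid, path):
    """Build one constructed sample line: '<node>: <JSON record>' (assumed layout)."""
    rec = {"timestamp": ts_us, "payload": {"protocol": "SMB2", "eventType": event,
                                           "userSID": sid, "fileName": path}}
    return f"{node}: {json.dumps(rec)}"

# Constructed sample standing in for protocol-topic records gathered from every node.
SAMPLE = [
    _line("milpool-1", 1459857600000000, "read", TARGET_SID, "/ifs/data/finance/q1.xlsx"),
    _line("milpool-3", 1460246400000000, "write", TARGET_SID, "/ifs/data/finance/q1.xlsx"),
    _line("milpool-3", 1459296000000000, "write", TARGET_SID, "/ifs/data/finance/q1.xlsx"),  # before window
    _line("milpool-2", 1459900800000000, "write", "S-1-5-21-1-2-3-2001", "/ifs/data/finance/q1.xlsx"),  # other user
    _line("milpool-2", 1459987200000000, "close", TARGET_SID, "/ifs/data/finance/q1.xlsx"),  # not read/write
    _line("milpool-1", 1459987200000000, "read", TARGET_SID, "/ifs/data/hr/plan.docx"),  # other folder
    "milpool-2: done",  # non-record line, skipped
]

def user_io(lines, sid, folder, start, end, events=("read", "write")):
    """Return sorted (time, node, event, file) tuples for one user's reads/writes."""
    hits = []
    for line in lines:
        prefix, brace, body = line.partition("{")
        if not brace:
            continue  # no JSON record on this line
        try:
            rec = json.loads(brace + body)
        except ValueError:
            continue  # truncated or malformed record
        p = rec.get("payload", {})
        # Assumption: timestamp is microseconds since the epoch, compared in UTC.
        when = datetime.fromtimestamp(rec.get("timestamp", 0) / 1e6, tz=UTC)
        if (p.get("userSID") == sid and p.get("eventType") in events
                and p.get("fileName", "").startswith(folder) and start <= when <= end):
            node = prefix.split(":")[0].strip()
            hits.append((when.isoformat(), node, p["eventType"], p["fileName"]))
    return sorted(hits)

if __name__ == "__main__":
    window = (datetime(2016, 4, 1, tzinfo=UTC), datetime(2016, 4, 12, 23, 59, 59, tzinfo=UTC))
    for hit in user_io(SAMPLE, TARGET_SID, "/ifs/data/finance/", *window):
        print(*hit, sep="  ")
```

Keeping the node name in each result shows which node the user was connected to, which is the node whose audit log holds that record.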

20.4K Posts

April 12th, 2016 09:00

This assumes that you have auditing enabled.

121 Posts

April 27th, 2016 12:00

Hi Shane,

Thanks for your response.

Do you have any idea about Isilon audit logging integration with SUMOLOGIC?

60 Posts

May 3rd, 2016 11:00

In reviewing the Sumologic web pages, it appears to have the ability to accept messages via syslog. In that case, you can set up the Isilon to forward audit events via syslog.

Page 12 of the following document provides an example of setting up syslog forwarding for audit events:

http://www.emc.com/collateral/white-papers/h12428-wp-best-practice-guide-isilon-file-system-auditing.pdf
