Unsolved
This post is more than 5 years old
1 Message
0
1683
Getting protocol/config audit events from CEE
Hi,
I could see there are 2 approaches for getting audit events from Isilon.
1. Common Event Enabler (CEE)
2. Syslog forwarding
a) What are the pros and cons between these 2 approaches? (Like any performance differences, event meta-data differences, etc..).
b) Is there a link from where CEE SDK API framework can be downloaded? (For getting audit events from CEE server by writing some programs)
c) Is CEE SDK API framework licensed?
bower79
1 Message
0
August 21st, 2018 07:00
Will either of these two approaches allow one to monitor a folder that keeps getting moved on a SMB share? Once a week this happens and I need to find the user that is doing this.
Smith332
2 Posts
1
November 16th, 2019 04:00
You can configure CEE servers with OneFS to deliver protocol audit events by adding the URI of each server to the OneFS configuration. Run the isi audit settings global modify command with theoption to add the URIs of the CEE servers to the OneFS configuration
cadencep45
2 Intern
2 Intern
•
301 Posts
0
December 16th, 2019 06:00
CEE is probably what you are after re your example. CEE relates to event auditing of the data stored on the isilon, syslog tends to related to event auditing of admin operations on the isilon.
a fyi, setting up CEE will involve alot of data but you have already narrowed it down to a specific directory, so once setup you should be able to ask something like;
Show me log of all SMB audit events relating to x directory from y date/time to z date/time.
This will work as long as directory is not multiprotocol, in which case you will also need to check other protocols.