This post is more than 5 years old
52 Posts
0
3683
symmetrix auditing.
Is there a way to view from the symmetrix machine all the command it get to perform?
I know that solution enable is saving the command locally.
But I want to collect it directly from the storage.
Arie shenar.
I know that solution enable is saving the command locally.
But I want to collect it directly from the storage.
Arie shenar.
GlenH
141 Posts
0
December 18th, 2006 15:00
You can use the symaudit command to get what you are after - it will get the information directly from the symm, and unlike the symapi log file which only shows you actions from a single system, symaudit shows you all of the operations that occured on the symm no matter which system initiated the operation.
It's very easy to use - just run "symaudit list -v"
Good Luck,
Glen.
sysmgr1
128 Posts
0
December 18th, 2006 13:00
If you want to know what EMC does when they secretly dial in to your Sym, you are out of luck. If that info exists, it would be on the service processor which is hands-off to customers. They apparently don't want the customers to know when they dial in or what they are doing in there.
mlee2
108 Posts
1
December 18th, 2006 18:00
Just two cents worth (from a hardware perspective). The "symaudit" command pulls its information directly from the Host Audit Log file located on the "Symmetrix File System" volumes. The "SFS" volumes are internal storage and an integral part of every Symmetrix 8000 (at 5568) and every DMX / DMX-3 system. Quoting from the DMX-3 Product Guide (available on Powerlink):
Enginuity stores an Audit Log in the SFS. This enables improved investigation, both at the system level and customer environment level. Symmetrix Audit Log collects and presents a chronological list of host-initiated Symmetrix actions and activities.
Manual activities (for example, physically removing/replacing a component) as well as automatically initiated scripts and EMC¿s Solutions Enabler activities (for example, TimeFinder or SRDF routines), are tracked and recorded in the SFS.
This provides a means to oversee and historically recall how and when a Symmetrix device is being used. Enginuity also expands capabilities for host applications built on SymmAPI¿. Earlier, host applications were allowed to make entries to a Symmetrix write-only buffer.
Audit Log features now enable Symmetrix ISVs and other service providers to use logged information for their own reporting purposes. The built-in system security in SymmAPI does not allow host applications to change audit logs. This reduces IOSQ (I/O Supervisor Queue Time) exposure and increases system performance.
A related command (for interogating the hardware) is the "symevent" command - this pulls information directly from the "non-volatile memory" of the actual Symmetrix director boards.
Also dial-up access to any Symmetrix can be controlled. While we (here in the EMC Support Centre) prefer immediate access to address problems you always have the ability to prevent dial-in without express permission....
Best Regards,
Michael.
sysmgr1
128 Posts
0
December 19th, 2006 07:00
mlee2
108 Posts
0
December 19th, 2006 17:00
Thanks. Yes, I understand your concern. You can certainly prevent EMC access to the Service Processor but once access is granted you don't, as far as I am aware, receive any ECC alerts that we (EMC Customer Support) have dialled in to correct a problem. We do have customers that specify or limit the type & class of commands that can be issued by EMC support without express System Administrator permission. But I don't think I can address your specific concern..... I assume Shenar's original has been answered so we should move this query to a new thread for additional comment & suggestions from EMC'ers AND customers with similar concerns......
Regards,
Michael.
Message was edited by:
mlee
sysmgr1
128 Posts
0
December 20th, 2006 08:00
alanParsons
1 Message
0
February 21st, 2008 06:00
Did this topic get moved into another thread? We also have a requirement to see dialin activity as well as host initiated. We already have it set up that EMC have to ask us to dialin, but we need to see timestamped entries in the symaudit/symevent log for what gets done and when.
xe2sdc
2 Intern
2 Intern
•
2.8K Posts
0
February 21st, 2008 06:00
sysmgr1
128 Posts
0
February 21st, 2008 13:00