Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

3683

December 18th, 2006 11:00

symmetrix auditing.

Is there a way to view from the symmetrix machine all the command it get to perform?
I know that solution enable is saving the command locally.
But I want to collect it directly from the storage.

Arie shenar.

141 Posts

December 18th, 2006 15:00

Shenar,

You can use the symaudit command to get what you are after - it will get the information directly from the symm, and unlike the symapi log file which only shows you actions from a single system, symaudit shows you all of the operations that occured on the symm no matter which system initiated the operation.

It's very easy to use - just run "symaudit list -v"

Good Luck,
Glen.

128 Posts

December 18th, 2006 13:00

The solutions enabler keeps track of most of the Symmetrix commands in a log file. That will tell you of most of the activity. It's in the /var/symapi/log directory (or something close depending on your specific OS) on Unix. There will be a new file for each day.
If you want to know what EMC does when they secretly dial in to your Sym, you are out of luck. If that info exists, it would be on the service processor which is hands-off to customers. They apparently don't want the customers to know when they dial in or what they are doing in there.

108 Posts

December 18th, 2006 18:00

Hello All,

Just two cents worth (from a hardware perspective). The "symaudit" command pulls its information directly from the Host Audit Log file located on the "Symmetrix File System" volumes. The "SFS" volumes are internal storage and an integral part of every Symmetrix 8000 (at 5568) and every DMX / DMX-3 system. Quoting from the DMX-3 Product Guide (available on Powerlink):

Enginuity stores an Audit Log in the SFS. This enables improved investigation, both at the system level and customer environment level. Symmetrix Audit Log collects and presents a chronological list of host-initiated Symmetrix actions and activities.

Manual activities (for example, physically removing/replacing a component) as well as automatically initiated scripts and EMC¿s Solutions Enabler activities (for example, TimeFinder or SRDF routines), are tracked and recorded in the SFS.

This provides a means to oversee and historically recall how and when a Symmetrix device is being used. Enginuity also expands capabilities for host applications built on SymmAPI¿. Earlier, host applications were allowed to make entries to a Symmetrix write-only buffer.

Audit Log features now enable Symmetrix ISVs and other service providers to use logged information for their own reporting purposes. The built-in system security in SymmAPI does not allow host applications to change audit logs. This reduces IOSQ (I/O Supervisor Queue Time) exposure and increases system performance.


A related command (for interogating the hardware) is the "symevent" command - this pulls information directly from the "non-volatile memory" of the actual Symmetrix director boards.

Also dial-up access to any Symmetrix can be controlled. While we (here in the EMC Support Centre) prefer immediate access to address problems you always have the ability to prevent dial-in without express permission....

Best Regards,
Michael.

128 Posts

December 19th, 2006 07:00

The symaudit and symevent will also both tell you the commands that are run against the Sym by the users. However, neither will indicate when EMC remotely dials in and neither will tell you what EMC does while they are in there. There is a severe auditing/security issue concerning this.

108 Posts

December 19th, 2006 17:00

Hi SysMgr,

Thanks. Yes, I understand your concern. You can certainly prevent EMC access to the Service Processor but once access is granted you don't, as far as I am aware, receive any ECC alerts that we (EMC Customer Support) have dialled in to correct a problem. We do have customers that specify or limit the type & class of commands that can be issued by EMC support without express System Administrator permission. But I don't think I can address your specific concern..... I assume Shenar's original has been answered so we should move this query to a new thread for additional comment & suggestions from EMC'ers AND customers with similar concerns......

Regards,
Michael.

Message was edited by:
mlee

128 Posts

December 20th, 2006 08:00

Actually, the orignal question is not completely answered. The commands discussed only address commands issued by the users. It does not address commands issued by EMC while they are remotely connected.

1 Message

February 21st, 2008 06:00

Hi,

Did this topic get moved into another thread? We also have a requirement to see dialin activity as well as host initiated. We already have it set up that EMC have to ask us to dialin, but we need to see timestamped entries in the symaudit/symevent log for what gets done and when.

2 Intern

 • 

2.8K Posts

February 21st, 2008 06:00

symaudit will give you a timestamped detail of what your users do on the hosts. I'm pretty sure that up to (including) code 5772 you can't see what our CS does on the SP. Maybe Michael can shade some light on 5773...

128 Posts

February 21st, 2008 13:00

Unless you have the advanced VLAN access console setup for the sym, you are totally out of luck with tracking dialins. Sorry.
No Events found!

Top