Unsolved

1 Rookie


1 Message

1186

July 27th, 2021 06:00

CEE errors on Isilon

Hello,

I am trying to set up a new CEE server for an auditing project. The Isilon log is showing the errors below. From the Isilon side, ping to the CEE host works, and telnet from the Isilon to the CEE host on port 12228 also works. So it looks like there is no network issue, but I am seeing the errors below in the Isilon audit log. Any idea?

isi_audit_cee[3412]: [isi_audit_cee] CEE Server http://xx.xx.xx.xx:12228/cee is unreachable: status 0xc000023d: STATUS_HOST_UNREACHABLE
isi_audit_cee[3412]: [isi_audit_cee] CEE Server http://xx.xx.xx.xx:12228/cee is unavailable: vcstatus 0x16: VC_ERROR_CEPP_NOT_FOUND

OneFS 8.1.2.0
EMC CEE 8.7.8

Thanks in advance

Moderator


7.7K Posts

July 27th, 2021 16:00

Hello cp23,

It is best to open a support case for this issue. One thing you can check is to make sure that port 111 is open and that your Isilon can communicate on that port.

January 6th, 2024 01:32

Did you find a way to solve it?

1 Rookie


64 Posts

February 17th, 2025 10:55

I am having the same problem: Isilon can reach the CEPA server on port 12228 but is not sending audit events.

isilon-1# nc -zv collector01 12228
Connection to collector01 12228 port [tcp/*] succeeded!

And in the UI there is an error that doesn't make any sense. Any idea?

Audit CEE server http://collector01:12228/cee is unreachable.

Moderator


9.4K Posts

February 17th, 2025 14:04

Hi,

What version of OneFS are you using? This thread has some suggestions. https://dell.to/4hHTSrK and https://dell.to/4hHTTfi Can the storage and CEE server ping?

Let us know if you have any additional questions.

1 Rookie


64 Posts

February 17th, 2025 15:12

OneFS 9.1

Again, the error in the UI:

Audit CEE server http://collector01:12228/cee  is unreachable

But from Isilon SSH I can ping the collector and port 1228 of CEE:

isilon-2# nc collector01 -zv 12228
Connection to collector01 12228 port [tcp/*] succeeded!

isilon-2# isi_for_array "isi_audit_progress -t protocol CEE_FWD"
isilon-2: Last consumed event time: '2023-11-13 19:20:11'
isilon-2: Last logged event time:   '2025-02-17 16:11:07'
isilon-3: Last consumed event time: '2023-11-13 19:20:11'
isilon-3: Last logged event time:   '2025-02-17 10:34:25'
isilon-1: Last consumed event time: '2023-11-13 19:20:11'
isilon-1: Last logged event time:   '2025-02-17 15:44:15'

isilon-2# isi audit settings view
            Audit Failure: -
            Audit Success: create_directory, create_file, delete_directory, delete_file, read_file, rename_directory, rename_file, set_security_directory, set_security_file, write_file
      Syslog Audit Events: create_directory, create_file, delete_directory, delete_file, read_file, rename_directory, rename_file, set_security_directory, set_security_file, write_file
Syslog Forwarding Enabled: No

isilon-2# isi audit settings global view
Protocol Auditing Enabled: Yes
            Audited Zones: System, qa, dev, test
          CEE Server URIs: http://collector01:12228/cee
                 Hostname:
  Config Auditing Enabled: No
    Config Syslog Enabled: No
    Config Syslog Servers: -
  Protocol Syslog Servers: syslog
     Auto Purging Enabled: No
         Retention Period: 180

(edited)
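
Added example, not part of the original thread: a small Python parser for the `isi_for_array "isi_audit_progress -t protocol CEE_FWD"` output posted above, reporting how far CEE forwarding lags behind the audit log on each node. It assumes "last consumed" is the newest event the CEE forwarder has processed and "last logged" is the newest event written to the audit log; the one-hour threshold and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Sample input: the isi_audit_progress output as posted in the thread.
SAMPLE = """\
isilon-2: Last consumed event time: '2023-11-13 19:20:11'
isilon-2: Last logged event time:   '2025-02-17 16:11:07'
isilon-3: Last consumed event time: '2023-11-13 19:20:11'
isilon-3: Last logged event time:   '2025-02-17 10:34:25'
isilon-1: Last consumed event time: '2023-11-13 19:20:11'
isilon-1: Last logged event time:   '2025-02-17 15:44:15'
"""

LINE = re.compile(
    r"^(?P<node>\S+):\s+Last (?P<kind>consumed|logged) event time:\s+"
    r"'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})'\s*$"
)

def forwarding_lag(text):
    """Return {node: timedelta}: last logged minus last consumed event time."""
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip shell prompts, blank lines and unrelated output
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        seen.setdefault(m["node"], {})[m["kind"]] = ts
    lags = {}
    for node, t in seen.items():
        if "consumed" in t and "logged" in t:
            # Clamp at zero: a forwarder that is caught up has no backlog.
            lags[node] = max(t["logged"] - t["consumed"], timedelta(0))
    return lags

def stalled_nodes(text, max_lag=timedelta(hours=1)):
    """Nodes whose forwarding backlog exceeds max_lag (hypothetical threshold)."""
    return sorted(n for n, lag in forwarding_lag(text).items() if lag > max_lag)

if __name__ == "__main__":
    for node, lag in sorted(forwarding_lag(SAMPLE).items()):
        print(f"{node}: CEE forwarding is {lag.days} days behind the audit log")
    print("stalled:", stalled_nodes(SAMPLE))
```

A successful `nc -zv` to port 12228 only shows that the TCP port accepts connections; a lag like this one shows that no audit events have been consumed for forwarding since the "last consumed" timestamp.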

1 Rookie


64 Posts

February 17th, 2025 15:45

Looks like CEE events for forwarding, any idea? Why does Isilon think CEE is unreachable when it is online, can ping, can netcat to port 12228, it is in the same VLAN, etc.?


isilon-2# isi audit progress view
   Protocol Audit Log Time: Mon Feb 17 16:44:10 2025
   Protocol Audit Cee Time: Mon Nov 13 19:20:11 2023
Protocol Audit Syslog Time: Mon Feb 17 15:52:52 2025

(edited)

Moderator


9.4K Posts

February 17th, 2025 16:19

It seems like everything should be working. You may need to call phone support. 

1 Rookie


64 Posts

February 20th, 2025 15:19

1) Grok is telling me this. Is this right? Does our endpoint need to respond in this way to RegisterRequest messages? I don't know where it takes this from, because I don't find any documentation about this.

2) Where are the CEPA logs? I don't see any logs folder or how to enable logging.


Grok:

Since you’re receiving <RegisterRequest />, your endpoint is likely registered, but it might not be responding correctly:


    • CEPA expects a specific XML response to <RegisterRequest />. According to the CEPA protocol, you should respond with:

      <?xml version="1.0" encoding="UTF-8"?>
      <RegisterResponse>
        <Status>Success</Status>
      </RegisterResponse>

    • If your endpoint doesn’t send this (or sends an invalid response), CEPA might halt further communication. Check your endpoint’s logs at 10.0.0.5:4300 to see how it’s handling the request.

  • After registration, CEPA should send audit events as XML messages (e.g., <EventNotification> with details like file paths, actions, and timestamps). Ensure your endpoint is listening for POST requests and can parse these.

(edited)
