4 Posts

December 19th, 2013 06:00

CEPA/CEPP issues

I'm attempting to set up CEPA so that we can demo Varonis. I've gotten past the whole can't start the cepp service without a physical CIFS (a terribly annoying limitation of this service with a CIFS residing on a VDM). I'm able to start the service now but it can't seem to chat with the Windows server that's had the VNX Event Enabler stuff installed on it.

Cepp.conf:

surveytime=10
pool name=ceppapool \
servers=10.1.104.92 \
postevents=* \
option=ignore \
reqtimeout=5000 \
retrytimeout=1500

server_cepp server_2 -pool -info results:

server_2 :
pool_name  = ceppapool
server_required = No
access_checks_ignored = 488956
req_timeout = 5000ms
retry_timeout = 1500ms
pre_events =
post_events = OpenFileNoAccess,OpenFileRead,OpenFileWrite,CreateFile,CreateDir,DeleteFile,DeleteDir,CloseModified,CloseUnmodified,RenameFile,RenameDir,SetAclFile,SetAclDir,OpenDir,CloseDir,FileRead,FileWrite,SetSecFile,SetSecDir
post_err_events =
CEPP Servers:
IP = 10.1.104.92, state = ERROR_CEPP_NOT_FOUND, rpc = MS-RPC over SMB, cava version = 4.9.1.0, nt status = SUCCESS, server name = varonis01. .com

I've already configured the EMC Window services to run under the service account. I've also added the service account to the EMC Virus Checking and EMC Event Notification Bypass groups as well. There are no firewalls between the data mover and the Windows server and it appears the control station and the data mover can resolve the IP of the CEPA server. Any ideas would be greatly appreciated!

4 Posts

December 19th, 2013 07:00

Turns out that the Varonis installation people missed a configuration in their software and didn't configure their software to use CEPA. Once that was enabled it worked like a charm.

4 Apprentice

 • 

1.2K Posts

December 20th, 2013 10:00

I'm looking to test out Varonis in 2014 - can you tell us what step was missed to make it work?

Thanks!

4 Posts

December 20th, 2013 11:00

Sure.

In the Varonis Management console, under the File Servers, you can edit the servers that have been added. They edited the NAS node, clicked on Configuration, then switched the "EMC Celerra Event Collection Options" to CEPA instead of Event Log (which is the default). The CEPP service on the NAS changed its status to Online almost immediately afterwards and it's been collecting events ever since.

Seems pretty obvious now but I didn't poke too hard at the Varonis software and didn't see that setting.
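
Added example, not part of the original thread and not EMC or Varonis code: a small Python check that parses `server_cepp ... -pool -info` output like the one quoted in the first post and reports why file-access events may not be reaching the collector. The sample text is constructed (shortened, with a placeholder server name), and treating `ONLINE` as the healthy state and `server_required = No` as the effect of `option=ignore` are assumptions drawn from the thread.

```python
# Constructed sample, modelled on the `server_cepp server_2 -pool -info`
# output quoted in the thread (shortened; server name is a placeholder).
SAMPLE = """\
server_2 :
pool_name  = ceppapool
server_required = No
access_checks_ignored = 488956
pre_events =
post_events = OpenFileRead,OpenFileWrite,CreateFile,DeleteFile
CEPP Servers:
IP = 10.1.104.92, state = ERROR_CEPP_NOT_FOUND, rpc = MS-RPC over SMB, cava version = 4.9.1.0, nt status = SUCCESS, server name = varonis01.example.com
"""

def parse_pool_info(text):
    """Return (pool settings dict, list of per-server dicts)."""
    pool, servers, in_servers = {}, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("CEPP Servers"):
            in_servers = True
        elif in_servers and line.startswith("IP"):
            # Server lines are comma-separated "key = value" pairs.
            pairs = (f.split("=", 1) for f in line.split(",") if "=" in f)
            servers.append({k.strip(): v.strip() for k, v in pairs})
        elif "=" in line:
            key, value = line.split("=", 1)
            pool[key.strip()] = value.strip()
    return pool, servers

def audit_gaps(text):
    """List reasons why audit events may not be reaching the collector."""
    pool, servers = parse_pool_info(text)
    findings = []
    if not servers:
        findings.append("no CEPA servers listed for the pool")
    for s in servers:
        # Assumption: a healthy server reports ONLINE (the thread says "Online").
        if s.get("state", "").upper() != "ONLINE":
            findings.append(f"{s.get('IP')} state={s.get('state')}")
    if not pool.get("post_events"):
        findings.append("post_events is empty: nothing is being forwarded")
    # Assumption: server_required = No is how option=ignore is displayed.
    if pool.get("server_required", "").lower() == "no" and findings:
        findings.append("server_required=No: file access continues unaudited")
    return findings

if __name__ == "__main__":
    for finding in audit_gaps(SAMPLE):
        print("GAP:", finding)
```

With `option=ignore`, clients keep working while the CEPA server is unreachable, so a state other than `ONLINE` means a silent gap in the audit trail rather than a visible outage.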

4 Apprentice

 • 

1.2K Posts

December 20th, 2013 13:00

Perfect!  Thanks for taking the time to post this information - I'm sure others will appreciate it!

Karl

4 Posts

April 30th, 2014 08:00

Exactly what I detailed in my response to Karl.

Sadly the product turned out to be too expensive for management's taste and I ended up having to remove the demo server and revert the environment changes.

3 Posts

April 30th, 2014 08:00

What did the Varonis people miss?

4 Apprentice

 • 

1.2K Posts

April 30th, 2014 10:00

Thanks again for your post, TobyG - I, too, am afraid management is going to say it's too expensive. They just rejected the annual maintenance on some network monitoring software we use, so I don't think I'll fare too well.

Still, I hope others can get some value from this information!

August 1st, 2018 00:00

reviving this one here ;-)

we are struggling with cepa at the moment too.
we have configured the cepp.conf file, service started. but the data insight collector doesn't receive any audit info.
is there any log we can check on the VNX, if anything is being monitored on VNX side at all?

thanks in advance,

regards,
Sebastian
