ProSphere and similar EMC tools can be configured to discover your VNX, then poll it for alerts and changes. Have you checked your Discovery Jobs in Prosphere? See if you have the hostname or IP entered for the VNX control station. Go to Credentials and make sure you have the correct username/password combination.
If Prosphere checks out, see if you have another tools, such as SolarWinds or another SMI-S tool configured to scan the VNX as well. It might even be an intrusion detection or security hardening tool, such as Retina or Nessus. Security vendors update their login tests to check the usernames of well-known products. EMC has been using "sysadmin" for quite a while now - there's always a chance this is a scan.
We do have ProSphere in our environment we checked if this system is configured. As this system is currently not in production yet, it isn't configured in ProSphere for discovery. ProSphere would use an account "appadmin" rather than "sysadmin".
To my knowledge there are no other tools in use. I assume that it could come from a security scanner because the error message appears every hour.
I just want to make sure that this error code is not triggered by any "internal" event and can be used as a good indicator that someone is trying to get access to the system.
umichklewis
3 Apprentice
•
1.2K Posts
0
October 21st, 2013 11:00
Do you have any monitoring, reporting or performance tools setup in the environment? I'm thinking VNX M&R, ProSphere, Data Protection Advisor, etc.?
Mendocino
59 Posts
0
October 22nd, 2013 02:00
Yes, ProSphere is in place.
umichklewis
3 Apprentice
•
1.2K Posts
0
October 22nd, 2013 09:00
ProSphere and similar EMC tools can be configured to discover your VNX, then poll it for alerts and changes. Have you checked your Discovery Jobs in Prosphere? See if you have the hostname or IP entered for the VNX control station. Go to Credentials and make sure you have the correct username/password combination.
If Prosphere checks out, see if you have another tools, such as SolarWinds or another SMI-S tool configured to scan the VNX as well. It might even be an intrusion detection or security hardening tool, such as Retina or Nessus. Security vendors update their login tests to check the usernames of well-known products. EMC has been using "sysadmin" for quite a while now - there's always a chance this is a scan.
Let us know if that helps!
Karl
Mendocino
59 Posts
0
October 23rd, 2013 23:00
Many Thanks.
Let me check if and how ProSphere is configured. I'll give feedback.
Dieter
Mendocino
59 Posts
0
October 25th, 2013 04:00
We do have ProSphere in our environment we checked if this system is configured. As this system is currently not in production yet, it isn't configured in ProSphere for discovery. ProSphere would use an account "appadmin" rather than "sysadmin".
To my knowledge there are no other tools in use. I assume that it could come from a security scanner because the error message appears every hour.
I just want to make sure that this error code is not triggered by any "internal" event and can be used as a good indicator that someone is trying to get access to the system.
Thanks again,
Dieter