Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

S

ScotN

76 Posts

3127

April 5th, 2017 19:00

Does CIFS file auditing work?

Hi I Have spent the better part of a day, again, searching EMC community and support docs and Google on this topic. I have found outdated links to KB articles and tried to find a simple how to that doesn't lead to yet another how to which does not work.  

NAS 7.1.79 on a VG8.


I need to enable file auditing for a share from a VDM on server_9. These are the issues I have run into trying to find a working recipe.

  • Download for Celerra manager in EMC Support seems to have disappeared I can find references to it but nothing that works.
  • Windows Computer Management MMC seems to have some dependencies that are broke in any recent version of Windows server talking to Celerra CIFS.
  • Java issues with any browser type on Windows 2008 and above. Used the exact same java 8 package on my ESRS 2003 host. 
  • Sparse info on how to setup from CLI.


Does anyone have a simple cli example or recommendations on how to accomplish this ? I looked at server_cifs options but the documentation for that pretty much stops at the man page.



Anything would help especially if you know what I would need to do from CLI.


Thanks.


umichklewis

1.2K Posts

April 6th, 2017 06:00

Most of what you'll need to do, you won't be able to do on a Windows box past Win7 / Server 2008.  I keep an older VM around with older Java specifically to make this work.  EMC hasn't worked too hard on keeping all of the pieces are parts updated.  You might get some help from Support,if you open an SR.

Rainer_EMC

8.6K Posts

April 6th, 2017 07:00

You dont need the Unisphere GUI to manage CIFS auditing - there is nothing in it about auditing.

So no Java necessary either

The best description is the the PDF manual called "Using Windows Administrative Tools on VNX" available from support.emc.com

what you need to do:

From Windows configure the audit policy for the data mover to enable it - using the Data Mover security smap-in on mmc

from Windows regedit change the audit log size - you may also want to relocate it since the DM root has limited space

from Windows regedit optionally configure log rotation - see "Event log auto archive" - see the VNX CIFS manual

use Windows explorer to set audit ACLs

use Windows event viewer to look at the audit logs

Some of this can also be done via GPOs

keep in mind for some reason you get an error when opening an active log directly - you need to copy it first of one one of the rotated ones

ScotN

76 Posts

April 6th, 2017 09:00

Has anyone been able to remotely pull these security logs either from CS0 or another host or push them to an aggregation server?  

Rainer_EMC

8.6K Posts

April 6th, 2017 17:00

why not ?

Rainer_EMC

8.6K Posts

April 10th, 2017 04:00

since the audit logs live on a file system owned by the data mover it would make more sense to copy them from the data mover using CIFS / NFS or ftp

From the control station you could try server_file

View More

View All

No Events found!

Top