Veritas Data Insight Administrator's Guide
- Section I. Getting started
- Introduction to Veritas Data Insight administration
- Configuring Data Insight global settings
- Overview of Data Insight licensing
- About scanning and event monitoring
- About filtering certain accounts, IP addresses, and paths
- About archiving data
- About Data Insight integration with Symantec Data Loss Prevention (DLP)
- Configuring advanced analytics
- About open shares
- About bulk assignment of custodians
- Section II. Configuring Data Insight
- Configuring Data Insight product users
- Configuring Data Insight product servers
- About node templates
- About automated alerts for patches and upgrades
- Configuring saved credentials
- Configuring directory service domains
- Configuring containers
- Section III. Configuring native file systems in Data Insight
- Configuring NetApp file server monitoring
- Configuring clustered NetApp file server monitoring
- About configuring secure communication between Data Insight and cluster-mode NetApp devices
- Configuring EMC Celerra or VNX monitoring
- Configuring EMC Isilon monitoring
- Configuring EMC Unity VSA file servers
- Configuring Hitachi NAS file server monitoring
- Configuring Windows File Server monitoring
- Configuring Veritas File System (VxFS) file server monitoring
- Configuring monitoring of a generic device
- Managing file servers
- Adding filers
- Adding shares
- Renaming storage devices
- Configuring NetApp file server monitoring
- Section IV. Configuring SharePoint data sources
- Configuring monitoring of SharePoint web applications
- About the Data Insight web service for SharePoint
- Adding web applications
- Adding site collections
- Configuring monitoring of SharePoint Online accounts
- About SharePoint Online account monitoring
- Adding SharePoint Online accounts
- Adding site collections to SharePoint Online accounts
- Configuring monitoring of SharePoint web applications
- Section V. Configuring cloud data sources
- Section VI. Configuring ECM data sources
- Section VII. Health and monitoring
- Section VIII. Alerts and policies
- Section IX. Remediation
- Section X. Reference
- Appendix A. Backing up and restoring data
- Appendix B. Data Insight health checks
- Appendix C. Command File Reference
- Appendix D. Data Insight jobs
- Appendix E. Troubleshooting
- Troubleshooting FPolicy issues on NetApp devices
Configuring audit settings on EMC Isilon cluster using the OneFS CLI
You can configure the audit settings on an EMC Isilon cluster using the command-line interface (CLI). You must be a root user on the EMC Isilon cluster to perform the configuration steps.
To configure and view audit settings on Isilon using the OneFS CLI
- Log on to the Isilon OneFS cluster using the command line interface.
- Issue the following commands:
To enable auditing:
For OneFS 7.2 or earlier:
di-isilon-1# isi audit settings modify--protocol-auditing-enabled on
For OneFS 8.0 or later:
di-isilon-1# isi audit settings global modify--protocol-auditing-enabled on
Note:
Veritas recommends that you enable the OneFS auditing feature only after you install and configure Data Insight for your storage environment. Otherwise, the backlog consumed by Data Insight may be so large that results may be stale for a prolonged time.
To adjust the audit log time
Sometimes, auditing on the OneFS cluster may have been enabled before Data Insight is configured to monitor the cluster. In such cases, the cluster attempts to forward all events from the time auditing was configured. On OneFS, you can configure a setting to manually adjust time from which to begin forwarding the events to Data Insight.
For example, use the following command to update the time to forward events newer than November 19, 2014 at 2:00 P.M.
For OneFS 7.2 or earlier:
isi audit settings modify --cee-log-time "protocol@2014-11-19 14:00:00"
For OneFS 8.0 or later:
isi audit settings global modify --cee-log-time "protocol@2014-11-19 14:00:00"
To disable auditing:
For OneFS 7.2 or earlier:
di-isilon-1# isi audit settings modify--protocol-auditing-enabled off
For OneFS 8.0 or later:
di-isilon-1# isi audit settings global modify--protocol-auditing-enabled off
To configure the audit settings:
For OneFS 7.2 or earlier:
di-isilon-1# isi audit settings modify
--add-cee-server-uris=http://cee.example.com:12228/cee
--audited-zones=system
--hostname=di-isilon.example.com
--config-auditing-enabled=no
For OneFS 8.0 or later:
di-isilon-1# isi audit settings global modify
--add-cee-server-uris=http://cee.example.com:12228/cee
--audited-zones=system --hostname=di-isilon.example.com
--config-auditing-enabled=no
To view the audit settings:
For OneFS 7.2 or earlier:
di-isilon-1# isi audit settings view
For OneFS 8.0 or later:
di-isilon-1# isi audit settings global view
Depending upon the configured audit settings, you may see the following response:
Protocol Auditing Enabled: Yes Audited Zones: System CEE Server URIs: http://cee.example.com:12228/cee Hostname: di-isilon.example.com Config Auditing Enabled: No
After you have enabled audit settings on the EMC Isilon cluster you must configure the Access Zones on the cluster.
Note:
Do not enable auditing for the access zones having file systems configured only for the NFS protocol. Data Insight currently does not support monitoring of NFS shares.
To configure Access Zones using the OneFS CLI
- Log on to the Isilon OneFS cluster using the command line interface.
- Issue the following command:
isi zone zones modify <zone>
--audit-success {close | create | delete | get_ security | logoff | logon | read | rename | set_security | tree_ connect | write | all} | --clear-audit-success
--add-audit-success {close | create | delete | get_security | logoff | logon | read | rename | set_security | tree_ connect | write | all}
--remove-audit-success <string>
--audit-failure {close | create | delete | get_security | logoff | logon | read | rename | set_security | tree_ connect | write | all} | --clear-audit-failure
--add-audit-failure {close | create | delete | get_security | logoff | logon | read | rename
Using the command line interface, you can enable specific audit events.
To enable specific audit events using the OneFS CLI
- Log on to the Isilon OneFS cluster using the command line interface.
- Issue the following command:
isi zone zones modify system --audit-success create,delete,rename,set_security
Depending on your configuration, you may see the following response:
di-isilon-1# isi zone zones list -v Name: System Cache Size: 4.77M Map Untrusted: SMB Shares: - Auth Providers: - Local Provider: Yes NetBIOS Name: All SMB Shares: Yes All Auth Providers: Yes User Mapping Rules: - Home Directory Umask: 0077 Skeleton Directory: /usr/share/skel Audit Success: create, delete, rename, set_security Audit Failure: - Zone ID: 1