Veritas Data Insight Administrator's Guide
- Section I. Getting started
- Introduction to Veritas Data Insight administration
- Configuring Data Insight global settings
- Overview of Data Insight licensing
- About scanning and event monitoring
- About filtering certain accounts, IP addresses, and paths
- About archiving data
- About Data Insight integration with Symantec Data Loss Prevention (DLP)
- Configuring advanced analytics
- About open shares
- About bulk assignment of custodians
- Section II. Configuring Data Insight
- Configuring Data Insight product users
- Configuring Data Insight product servers
- About node templates
- About automated alerts for patches and upgrades
- Configuring saved credentials
- Configuring directory service domains
- Configuring containers
- Section III. Configuring native file systems in Data Insight
- Configuring NetApp file server monitoring
- Configuring clustered NetApp file server monitoring
- About configuring secure communication between Data Insight and cluster-mode NetApp devices
- Configuring EMC Celerra or VNX monitoring
- Configuring EMC Isilon monitoring
- Configuring EMC Unity VSA file servers
- Configuring Hitachi NAS file server monitoring
- Configuring Windows File Server monitoring
- Configuring Veritas File System (VxFS) file server monitoring
- Configuring monitoring of a generic device
- Managing file servers
- Adding filers
- Adding shares
- Renaming storage devices
- Configuring NetApp file server monitoring
- Section IV. Configuring SharePoint data sources
- Configuring monitoring of SharePoint web applications
- About the Data Insight web service for SharePoint
- Adding web applications
- Adding site collections
- Configuring monitoring of SharePoint Online accounts
- About SharePoint Online account monitoring
- Adding SharePoint Online accounts
- Adding site collections to SharePoint Online accounts
- Configuring monitoring of SharePoint web applications
- Section V. Configuring cloud data sources
- Section VI. Configuring ECM data sources
- Section VII. Health and monitoring
- Section VIII. Alerts and policies
- Section IX. Remediation
- Section X. Reference
- Appendix A. Backing up and restoring data
- Appendix B. Data Insight health checks
- Appendix C. Command File Reference
- Appendix D. Data Insight jobs
- Appendix E. Troubleshooting
- Troubleshooting FPolicy issues on NetApp devices
Purging the audit logs in an Isilon filer
By default an Isilon file server does not automatically clear the audit logs. Accumulation of audit logs over a long time can clutter disk space and as a result interrupt the auditing process itself. To avoid these problems you must periodically perform manual cleanup of the audit logs.
Note:
The cleaning of audit logs may cause interruptions in the SMB client connections between the Isilon file server and the Collector node, leading to scan failures. To avoid disruption in scanning service, perform the cleaning operation during a planned maintenance window. The described procedure is applicable only to OneFS 7.1 and OneFS 7.2. For more information refer to EMC Isilon technical support.
To purge the audit logs from an Isilon filer
- Log on to the Isilon cluster CLI using SSH or Telnet as a root user.
- Stop the isi_audit_d and isi_audit_cee processes from automatically restarting, by executing the commands:
isi services -a isi_audit_d ignore
isi services -a isi_audit_cee ignore
- Terminate the isi_audit_d and isi_audit_cee processes, by executing the commands:
isi_for_array 'pkill isi_audit_d'
isi_for_array 'pkill isi_audit_cee'
- Verify that no isi_audit processes are running on the cluster, by executing the command:
isi_for_array -s 'pgrep -l isi_audit'
- Change directory to the audit directory, by executing the command:
cd /ifs/.ifsvar/audit
- To ensure that you are in the /ifs/.ifsvar/audit directory, execute the command:
pwd
- Optionally, create a backup of your audit directory if you want to preserve your old audit logs. You can move or copy them to another directory by using either mv or cp command.
- Delete the audit directory by executing the command:
rm -rf /ifs/.ifsvar/audit
- Inform the Master Control Program (MCP) to resume monitoring the audit daemons, by executing the following commands:
isi services -a isi_audit_d monitor
isi services -a isi_audit_cee monitor
MCP automatically restarts the audit daemons and reconstructs the audit directory on each node when the isi_audit_d process is running.
- Check if the audit processes have restarted, by executing the command:
isi_for_array -s 'pgrep -l isi_audit'
- Verify that audit data was removed and reconstructed, by executing the command:
isi_audit_viewer -t protocol
- Verify that the audit log files are being populated after audit processes have restarted, by executing the command:
isi_audit_viewer -t protocol