Configuration Settings for EMC Isilon Auditing
Configure the following audit settings on EMC Isilon nodes.
- Connect to any one of the Isilon nodes using an SSH client.
- Open the syslog.conf file in the /etc/mcp/templates directory.
- Add the following entry after the "!audit_protocol" line:
  - *.* @<hostname/IP Address of the ADAudit Plus server>
- Enable syslog forwarding for the zone to be audited by executing the following command:
  - On OneFS version 7.x: isi zone zones modify <zonename> --syslog-forwarding-enabled=yes --syslog-audit-events=all
  - On OneFS version 8.x: isi audit settings modify --syslog-forwarding-enabled=yes --syslog-audit-events=all --zone=<zonename>
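Where the entry is placed matters if the template follows FreeBSD syslog.conf rules, in which a "!program" line scopes the selectors below it until the next "!" line. The shell sketch below is an added example, not part of the vendor procedure: it inserts the entry idempotently and verifies that it sits inside the "!audit_protocol" block. The function names, the sample template contents and the 192.0.2.10 address are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes FreeBSD-style syslog.conf blocks:
# a "!program" line scopes the selectors below it until the next "!" line.

# forwarder_in_block FILE HOST: succeeds only if "*.* @HOST" lies inside
# the !audit_protocol block (not before it, not in a later block).
forwarder_in_block() {
    awk -v want="@$2" '
        /^#?!/ { in_block = ($0 ~ /^#?!audit_protocol[ \t]*$/); next }
        in_block && $1 == "*.*" && $2 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# add_forwarder FILE HOST: insert the entry directly after the
# "!audit_protocol" line. Idempotent; keeps a backup in FILE.bak.
add_forwarder() {
    file=$1 host=$2
    grep -Eq '^#?!audit_protocol[[:space:]]*$' "$file" || {
        echo "no !audit_protocol line in $file" >&2
        return 2
    }
    forwarder_in_block "$file" "$host" && return 0   # already configured
    cp -p "$file" "$file.bak" || return 1
    awk -v entry="*.* @$host" '
        { print }
        /^#?!audit_protocol[ \t]*$/ && !added { print entry; added = 1 }
    ' "$file.bak" > "$file"
}

# Demo on a constructed template (contents are illustrative, not a real
# OneFS file); 192.0.2.10 stands in for the ADAudit Plus server.
demo=$(mktemp)
printf '%s\n' '*.err /var/log/messages' '!audit_protocol' \
    '*.* /var/log/audit.log' '!example_other' '*.* /var/log/other.log' > "$demo"
add_forwarder "$demo" 192.0.2.10 && forwarder_in_block "$demo" 192.0.2.10 &&
    echo "forwarder is inside the !audit_protocol block"
rm -f "$demo" "$demo.bak"
```

On a node, the FILE argument would be the syslog.conf template in /etc/mcp/templates named in the steps above.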
Steps to configure in ADAudit Plus:
- Log in to ADAudit Plus.
- Go to File Audit tab -> Configured Server -> EMC Isilon.
- Configure the Isilon cluster with the wizard available (Note: Provide an administrative credential for audit).
- Go to Admin -> General Settings -> Connection.
- Check that "Current Syslog Status" is "On".
Note: Ensure that the account used in Domain configuration has permission to read shares. Additionally, the account used in Isilon configuration must have permission to read the Isilon configuration.
Troubleshooting
Problem/Message: The Selected Domain must be an Authentication Provider for the Cluster.
Solution: Make sure the cluster is added to the selected domain. If the issue persists even after this, update the computer objects by doing the following:
- Click the Domain Settings link from the client to open the Domain Settings page. (This is present at the top right corner of ADAudit Plus.)
- Click on the drop-down menu and choose "Update Domain Objects".
- Choose "Computers" from the list and then click on Save.
- Wait for a few minutes, then try adding the server.

Problem/Message: Isilon Zone(s) not Found
Solution: Make sure the user provided in the first step has permission to read the Isilon configuration.

Problem/Message: Error in getting Shares, Access is denied
Solution: The user configured in the Domain settings must have the permission to read the shares for the configured zone.

Problem/Message: The Timestamp is not updated/No data is received
Solution:
- To check whether the syslog data is received by the ADAudit server, install the ManageEngine Free Syslog Forwarder tool from https://www.manageengine.com/free-syslog-forwarder-tool/free-syslog-forwarder-index.html
- Turn off syslog listening from Admin -> General Settings -> Connection, or stop the ADAudit service.
- In the syslog forwarder tool, click Start to receive syslog data.
- If no data is shown, re-check the syslog configurations. Otherwise, contact our support.

Copyright © 2017, ZOHO Corp. All Rights Reserved.