https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196489#M98685 <P>You should be able to use the Common Event Enabler (<A href="http://emcsan.wordpress.com/2013/12/03/what-is-emcs-cava-common-event-enabler/">intro blog post</A>), which is a piece of free middleware from EMC that gathers file events from VNX (probably Celerra, Internet says yes), and Isilon, and notifies subscribers of those events in a managed way. It's often used for antivirus products, but is also used for audit use cases.</P> <P>Long story short, watch this page ( <A href="http://apps.splunk.com/apps/#/search/vnx">http://apps.splunk.com/apps/#/search/vnx</A> ), an app should appear there shortly, it was submitted the other day.</P> Fri, 21 Mar 2014 19:52:11 GMT halr9000 2014-03-21T19:52:11Z https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196488#M98684 <P>Does anyone have experience reading security logs from an EMC Celerra?</P> <P>Our storage people are able to export a "live" file in an EVT format. However, Windows is unable to open it up. I can, however, use the "connect to computer" from a windows box to the datamover, and I can see the log. It just doesn't work from this export.</P> Thu, 20 Mar 2014 15:16:15 GMT https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196488#M98684 zafunt 2014-03-20T15:16:15Z https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196489#M98685 <P>You should be able to use the Common Event Enabler (<A href="http://emcsan.wordpress.com/2013/12/03/what-is-emcs-cava-common-event-enabler/">intro blog post</A>), which is a piece of free middleware from EMC that gathers file events from VNX (probably Celerra, Internet says yes), and Isilon, and notifies subscribers of those events in a managed way. It's often used for antivirus products, but is also used for audit use cases.</P> <P>Long story short, watch this page ( <A href="http://apps.splunk.com/apps/#/search/vnx">http://apps.splunk.com/apps/#/search/vnx</A> ), an app should appear there shortly, it was submitted the other day.</P> Fri, 21 Mar 2014 19:52:11 GMT https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196489#M98685 halr9000 2014-03-21T19:52:11Z https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196490#M98686 <P>Yep, I uploaded it yesterday, am an awaiting approval. There will be 2 components, the add on that has communicates with EMC CEE API, and the app which contains all the lookup tables, field extractions, etc.</P> Fri, 21 Mar 2014 22:07:37 GMT https://community.splunk.com/t5/Getting-Data-In/Security-logs-from-EMC-Celerra/m-p/196490#M98686 dmaislin_splunk 2014-03-21T22:07:37Z