How to read audit logs from EMC VNX NAS

ski98033
Explorer

Hi,

I am wondering if any other folks have figured out a way to get the CIFS audit logs from an EMC VNX (Celerra) NAS into Splunk.

cheers,

ski

1 Solution

halr9000
Motivator

The app for working with VNX audit logs has now been released. It's split into two pieces:

0 Karma

halr9000
Motivator

If you don't mind, please open a new Question asking this, and tag it with the CEE TA app tag by clicking this link: http://answers.splunk.com/ask/?appid=1742. I'll try to watch for it and answer there.

0 Karma

wbfoxii
Communicator

Looking at the documentation, I'm a little confused. I'm aiming to get the audit logs from Celerra. I have a heavy forwarder that I use to collect info from other servers. Can I install the CEE tools on that? I hope I don't have to install anything on the EMC datamover appliance.

0 Karma

ski98033
Explorer

So I ended up with a different, kind of hacked-together solution that works. I use Netwrix to collect and interpret the audit logs. It sends an email every 5 minutes. I have a Perl script that reads the emails and writes to a log file that Splunk reads. Kind of a hack, but it works. Netwrix is cheap and they do a lot of interpretation that I do not have to do. They are looking at providing a direct-to-log output in the future so I can drop the email/Perl script bit.

cheers,

ski

0 Karma

dmaislin_splunk
Splunk Employee

We just finished writing an App that leverages the EMC CEPA API to access disk usage. The API service runs on Windows. EMC is testing the app and we hope to get it uploaded to SplunkBase soon.

yannK
Splunk Employee

Any update on the EMC app?

0 Karma

halr9000
Motivator

Sent! No ETA on publishing, still haven't gotten the infrastructure setup to test this yet. Anyone who wants an as-is copy is welcome to it.

0 Karma

BenjaminWyatt
Communicator

Hey halr9000, has this app been published to Splunkbase yet? I have a use case for this that only requires the audit logs, so having the app now (even if it only collects the audit information) would be a big win for us.

0 Karma

halr9000
Motivator

All, I will be publishing this app to Splunkbase for dmaislin as soon as I can. I may go ahead and put it out there as-is (it only does audit logs and nothing else) just to get it out there.

dtamura
New Member

Hi everyone! Do you know if this app has been released?! I looked at Splunkbase and I couldn't find it. Thanks!

0 Karma

dmaislin_splunk
Splunk Employee

I know we were going to present this App at .conf 2012 in Vegas because it was my presentation slot, but due to unfortunate unrelated events we had to take this off the agenda. I have used the App, and it presents usage information, but we are trying to add the other more interesting information such as RAID state, cache, etc.: things not offered in the CEPA API. You can download the CEPA API from EMC and create your own if you can't wait.

0 Karma

BobIT
New Member

Has there been any movement on this App? Is EMC still testing it?

Is the CEPA API an EMC product?

0 Karma

jumper4000
Explorer

When you say soon, how soon are we talking about? Also, would the App give us real-time data from the NAS?

Thanks

0 Karma