If you don't mind, please open a new Question asking this, and tag it with the CEE TA app tag by clicking this link: http://answers.splunk.com/ask/?appid=1742. I'll try to watch for it and answer there.
Looking at the documentation, I'm a little confused. I'm aiming to get the audit logs from Celerra. I have a heavy forwarder that I use to collect info from other servers. Can I install the CEE tools on that? I hope I don't have to install anything on the EMC datamover appliance.
So I ended up with a different, kind of hacked together solution that works. I use Netwrix to collect and interpret the audit logs. It sends an email every 5 minutes. I have a perl script that reads the emails and writes to a log file that splunk reads. Kind of a hack, but it works. Netwrix is cheap and they do a lot of interpretation that I do not have to do. They are looking at providing a direct to log output in the future so I can drop the email/perl script bit.
We just finished writing an App that leverages the EMC CEPA API to access disk usage. The API service runs on Windows. EMC is testing the app and we hope to get it uploaded to SplunkBase soon.
Hey halr9000, has this app been published to Splunkbase yet? I have a use case for this that only requires the audit logs, so having the app now (even if it only collects the audit information) would be a big win for us.
All, I will be publishing this app to Splunkbase for dmaislin as soon as I can. I may go ahead and put it out there as-is (it only does audit logs and nothing else) just go get it out there.
I know we were going to present this App at the .conf 2012 in Vegas because it was my presentation slot, but, due to unfortunate unrelated events we had to take this off the agenda. I have used the App, and it presents usage information, but we are trying to add the other more interesting information such as RAID state, cache, etc. Things not offered in the CEPA API. You can download the CEPA API from EMC and create your own if you can't wait.