Getting Data In

Security logs from EMC Celerra

zafunt
Explorer

Does anyone have experience reading security logs from an EMC Celerra?

Our storage people are able to export a "live" file in an EVT format. However, Windows is unable to open it up. I can, however, use the "connect to computer" from a windows box to the datamover, and I can see the log. It just doesn't work from this export.

Tags (3)

halr9000
Motivator

You should be able to use the Common Event Enabler (intro blog post), which is a piece of free middleware from EMC that gathers file events from VNX (probably Celerra, Internet says yes), and Isilon, and notifies subscribers of those events in a managed way. It's often used for antivirus products, but is also used for audit use cases.

Long story short, watch this page ( http://apps.splunk.com/apps/#/search/vnx ), an app should appear there shortly, it was submitted the other day.

dmaislin_splunk
Splunk Employee
Splunk Employee

Yep, I uploaded it yesterday, am an awaiting approval. There will be 2 components, the add on that has communicates with EMC CEE API, and the app which contains all the lookup tables, field extractions, etc.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...