There are two different logs. Unity system logs can be sent to from Unity to a remote syslog server.
File system audit logs can be pushed out from the Unity using the CEE framework to a host. Another method would be to monitor the security.evt file on the Unity that holds the audit entries. The file is located \unity_netbios_name\C$\security.evt.
Page 33 of https://www.emc.com/collateral/TechnicalDocument/docu69322.pdf has the instructions on how to enable file system auditing.
... View more
CIFS is not a support target at this time.
http://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Supported_file_systems
... View more
The CEE TA shouldn't be used with Isilon. Isilon supports sending audit logs directly to syslog. Search for the Isilon add-on and app in splunkbase and install that. There are also instructions on how to configure the cluster to send the logs to a syslog server.
... View more
Unity supports sending logs to syslog. Did you have issues configuring that?
https://www.dellemc.com/en-us/documentation/unity-family/unity-p-security-config-guide/03-vxe-c-sec-config-chap-logging.htm
... View more
VNX requires CEE to collect audit logs. I would have expected to just be able to collect remote event logs through WMI, but it just fails when I try to connect to the CIFS server running on the VNX. I only had a VNX running file OE 7.1 to test with though. I'll have to check on the functionality with the newer Unity arrays to see if it is any different.
... View more