Configuration Settings for EMC Isilon Auditing

Configure the following audit settings on EMC Isilon nodes.

  1. Connect to any one of the Isilon nodes using an SSH client.
    1. Open the syslog.conf file in the /etc/mcp/templates directory.
    2. Add the following entry after the "!audit_protocol" line:
      1. *.* @<hostname/IP Address of the ADAudit Plus server>
    3. Enable syslog forwarding for the zone to be audited by executing the command for your OneFS version:
      1. On OneFS version 7.x: isi zone zones modify <zonename> --syslog-forwarding-enabled=yes --syslog-audit-events=all
      2. On OneFS version 8.x: isi audit settings modify --syslog-forwarding-enabled=yes --syslog-audit-events=all --zone=<zonename>
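
The placement of the entry matters because, in BSD-style syslog.conf, a "!program" line scopes the entries that follow it to that program. The check below is an added example, not ManageEngine or EMC code; the sample file contents, the address 192.0.2.10 and the function names are assumptions, and it handles only the plain "!program" form. Run it against a copy of the template text to confirm the forwarding entry sits under "!audit_protocol" and points at the intended server.

```python
import re

# Constructed sample of a syslog.conf template. Only "!audit_protocol" and the
# "*.* @<server>" entry come from the page; 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
*.err;kern.notice          /var/log/messages
!audit_config
*.*                        /var/log/audit_config.log
!audit_protocol
*.*                        /var/log/audit_protocol.log
*.* @192.0.2.10
!*
"""

def forwarding_targets(conf_text, program="audit_protocol"):
    """Return the hosts named by "@host" actions inside `program`'s block."""
    targets = []
    in_block = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # "!prog" (also written "#!prog") opens a block that lasts until the next one.
        m = re.match(r"#?!\s*(\S+)", line)
        if m:
            in_block = program in m.group(1).lstrip("+").split(",")
            continue
        if line.startswith("#") or not in_block:
            continue
        fields = line.split(None, 1)  # selector, then action
        if len(fields) == 2 and fields[1].startswith("@"):
            targets.append(fields[1][1:].strip())
    return targets

def check_forwarding(conf_text, expected_host):
    """Report whether the audit_protocol block forwards to expected_host."""
    targets = forwarding_targets(conf_text)
    if expected_host in targets:
        return "ok"
    if targets:
        return "wrong-target"
    # No "@host" entry under "!audit_protocol"; an entry placed under a
    # different "!program" line only forwards that program's messages.
    return "not-in-block"

if __name__ == "__main__":
    print(check_forwarding(SAMPLE_CONF, "192.0.2.10"))
```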

Steps to configure in ADAudit Plus.

  1. Log in to ADAudit Plus.
  2. Go to File Audit tab → Configured Server → EMC Isilon.
  3. Configure the Isilon cluster using the available wizard (Note: Provide an administrative credential for audit).
  4. Go to Admin → General Settings → Connection.
  5. Check that "Current Syslog Status" is "On".

Troubleshooting

Problem/Message: The Selected Domain must be an Authentication Provider for the Cluster.
Solution: Make sure the cluster is added to the selected domain. If the issue persists, update the computer objects by following these steps:

  1. Click on Domain Settings, which can be found at the top right corner of the ADAudit Plus console.
  2. Click on the drop-down menu and choose Update Domain Objects.
  3. Choose Computers from the list and click on Save.
  4. Wait for a few minutes, then try adding the server.

Problem/Message: Isilon Zone(s) not Found
Solution: Make sure the user provided in the first step has permission to read the Isilon configuration.

Problem/Message: Error in getting Shares, Access is denied
Solution: The user configured under Domain Settings must have permission to read the shares for the configured zone.

Problem/Message: The Timestamp is not updated/No data is received
Solution:

  1. To check whether the syslog data is received by the ADAudit Plus server, install the ManageEngine Free Syslog Forwarder tool from https://www.manageengine.com/free-syslog-forwarder-tool/free-syslog-forwarder-index.html
  2. Turn off syslog listening from Admin → General Settings → Connection, or stop the ADAudit Plus service.
  3. In the syslog forwarder tool, click Start to receive syslog data.
  4. If no data is shown, re-check the syslog configurations. If the issue persists, contact support.

Copyright © 2020, ZOHO Corp. All Rights Reserved.