EMC Celerra CIFS file/folder auditing?
Has anybody been able to get file or folder auditing working for an EMC Celerra CIFS server? RSA Support claims that we need to implement SNMP collection of the Celerra alerts (shutdown etc.) from the Celerra server besides fetching the actual file/folder auditing logs. I have a hard time understanding why we would need this. Shouldn't implementing the agentless pulling be enough?
Please have a look at this document: https://knowledge.rsasecurity.com/docs/rsa_env/device_config/EMCCelerra.pdf. Page 4 describes how to configure the CIFS server for file/folder auditing.
I'm trying to load the enVision_event.cfg file as described by this guide.
I got a syntax error on each line containing the word facilitypolicy.
Was anyone successful with this?
I'm collecting logs from a CELERRA CIFS Server. The logs are collected successfully like a Windows Event NIC agentless device type, but the XML parser doesn't understand the logs and I can't report on them.
RSA Support said their developers website is down for two weeks and they can't answer me...
Looking at the raw events, the only difference is this:
Original Windows Event NIC events begin like %NICWIN-4-Security_560_Security
Celerra events begin like %CELERRA-4-Security_560_Security
The rest of the event is exactly the same.
Do you have any idea on how to solve this?
I tried to add a few lines in wineventnic_msg.xml replacing NICWIN with CELERRA but it didn't work.