This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-07-02 08:57 AM

EMC Celerra CIFS file/folder auditing?

Hi,

Has anybody been able to get file or folder auditing working for EMC Celerra CIFS server? RSA Support claims that we need to implement SNMP collection of the Celerra alerts (shutdown etc.) from Celerra server besides fetching the actual file/folder auditing logs. I have a hard time understanding why we would need this. Shouldn't implementing the agentless pulling be enough?

 

Any experiences?

Thanks.

0 Likes
Reply
4 Replies
RSAAdmin
Beginner
Beginner
‎2008-07-08 04:56 PM

Hi Pasi,

 

Please have a look at this document: https://knowledge.rsasecurity.com/docs/rsa_env/device_config/EMCCelerra.pdf.Page 4 describes how to configure the CIFS server for file/folder auditing.

 

Best,

Debbie

 

 

Message Edited by DebbieU on07-15-200808:35 AM
Message Edited by DebbieU on01-18-201008:35 PM
0 Likes
Reply
GabrielPython
Beginner
Beginner
In response to RSAAdmin
‎2008-12-18 08:31 AM

Hi all,

 

i'm trying to load the enVision_event.cfg file as described by this guide.

 

I got a syntax error on each line containing the word facilitypolicy.

 

Anyone was successfull with ?

 

Regards

gabriel

 

0 Likes
Reply
JuanmaMerino
Beginner
Beginner
In response to GabrielPython
‎2011-03-24 07:16 AM

Dear Colleagues,

 

I'm collecting logs from a CELERRA CIFS Server. The logs are collected successfully like a Windows Event NIC agentless device type but the XML parser don't undestand the logs and I can't report on them.

RSA Support said their developers website is down for two weeks and they can't answer me...

 

By looking at the raw events the only one difference is this:

 

Original Windows Event Nic events begins like %NICWIN-4-Security_560_Security 

Celerra events begins like %CELERRA-4-Security_560_Security

The rest of the event is exactly the same.

 

Do you have any idea on how to solve this?

I tried to add a few lines in wineventnic_msg.xml replacing NICWIN with CELERRA but it didn't work. 

 

Any idea?

 

Thank you,

Juanma

0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to JuanmaMerino
‎2011-05-20 10:56 AM

I have collected logs from the CIFS server and just followed the instructions in the Device Configuration guide.   It worked fine.

 

 

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.