Unsolved
This post is more than 5 years old
1 Rookie
•
51 Posts
0
761
September 27th, 2012 12:00
Celerra Auditing for Deletes
We have installed the MMC Snap in for Celerra. On the Data Mover Management I put in the File systems name. Audit Enabled it on. When I look at Source Servers it list all the CIFS Servers hosted on the NAS.
I have gone to a share on the NAS and and sis security advance \ auditing. for me to see if i can capture myself adding deleteing files and such.
Now when I go to the Event viewer all I see are Logoff and logon events for everybody. I just want to see who creates, reads writes and deletes data on a folder in a CIFS share.
The logon\logoff events are for every CIFS server out there. Not sure what I am doing wrong.
No Events found!
Rainer_EMC
4 Operator
•
8.6K Posts
0
September 27th, 2012 13:00
Did you create an Audit ACL ?
MartinDuble
1 Rookie
•
51 Posts
0
September 27th, 2012 13:00
Just to be clear. IS the AUDT ACL doen with AD. or is that part of the Datamover MMC.
Rainer_EMC
4 Operator
•
8.6K Posts
0
September 28th, 2012 03:00
With the MMC you just enable once that the CIFS server is capable of auditing
You then need (just like on a Windows system) to define auditing using SACLs on the file system
By default there are no auditing SACLs
Just right-click on a directory then properties -> security -> advanced -> auditing
Might worth asking your Windows admins for help – that should be pretty standard for them.
There are also config options via policies,GPOs,…
Rainer