Apoyo
 
Nosotros: + 1888 720 9500
Estados Unidos: +1888791 1189
Internacional: +1925924 9500
Aus: +1800 631268
Reino Unido: 0800 028 6590
CN: +86400660 8680

Marcación interna directa: +1 408 916 9892

 

Configuración de la auditoría de EMC Isilon

Esta sección describe los pasos para configurar los parámetros de auditoría en los nodos de EMC Isilon y para reenviar datos de eventos a ADAudit Plus. Los comandos para configurar los ajustes necesarios varían según la versión de OneFS, pero todos implican tres pasos:

Paso 1: habilite la auditoría de protocolo y configure los ajustes de auditoría

Estos comandos habilitan la auditoría de protocolo en las zonas de destino y también configuran la auditoría de los eventos de acceso requeridos.

Paso 2: habilitar el reenvío de syslog

ADAudit Plus requires syslog data to report on file activities in your EMC Isilon storage environment. These commands enable syslog forwarding from your Isilon nodes.

Step 3: Configure the IP address of the ADAudit Plus server

Add the IP address of the ADAudit Plus server to the list of entities to which syslog data should be forwarded to.

Follow the steps listed under your OneFS version to configure EMC Isilon auditing.

For OneFS Version 7.x:

  1. Execute these commands to enable protocol auditing and configure audit settings:
    • isi audit settings modify --protocol-auditing-enabled yes --audited-zones <zone_names>
    • isi zone zones modify <zone_name> --audit-success create,delete,read,rename,set_security,write
    • isi zone zones modify <zone_name> --audit-failure create,delete,read,rename,set_security,write
    • isi zone zones modify <zone_name> --syslog-audit-events create,delete,read,rename,set_security,write
  2. To enable syslog forwarding, execute this command:
    • isi zone zones modify <zone_name> --syslog-forwarding-enabled=yes
  3. To configure the IP address of the ADAudit Plus server, follow these steps:
    • Connect to any one of your Isilon nodes using an SSH client.
    • Open the syslog.conf file, which can be found at the /etc/mcp/templates directory.
    • Locate the !audit_protocol line and add the below entry, providing the correct value in place of hostname or IP address:
      *.* @<hostname/IP Address of the ADAuditPlus server>
    • Save the syslog.conf file.

For OneFS Versions 8.0 and 8.1:

  1. Execute these commands to enable protocol auditing and configure audit settings:
    • isi audit settings global modify --protocol-auditing-enabled yes --audited-zones <zone_names>
    • isi audit settings modify --zone <zone_name> --audit-success create,delete,read,rename,set_security,write
    • isi audit settings modify --zone <zone_name> --audit-failure create,delete,read,rename,set_security,write
    • isi audit settings modify --zone <zone_name> --syslog-audit-events create,delete,read,rename,set_security,write
  2. To enable syslog forwarding, execute this command:
    • isi audit settings modify --syslog-forwarding-enabled=yes --zone=<zone_name>
  3. To configure the IP address of the ADAudit Plus server, follow these steps:
    • Connect to any one of your Isilon nodes using an SSH client.
    • Open the syslog.conf file, which can be found at the /etc/mcp/templates directory.
    • Locate the !audit_protocol line and add the below entry, providing the correct value in place of hostname or IP address:
      *.* @<hostname/IP Address of the ADAuditPlus server>
    • Save the syslog.conf file.

For OneFS Version 8.2:

  1. To enable protocol auditing, configure audit settings, and configure the IP address of the ADAudit Plus server, execute this command:
    • isi audit settings global modify --protocol-auditing-enabled yes --audited-zones <zone_name> --protocol-syslog-servers <IP_of_ADAuditPlus_server>
    • isi zone zones modify <zone_name> --audit-success create,delete,read,rename,set_security,write
    • isi zone zones modify <zone_name> --audit-failure create,delete,read,rename,set_security,write
    • isi zone zones modify <zone_name> --syslog-audit-events create,delete,read,rename,set_security,write
  2. To enable syslog forwarding, execute this command:
    • isi audit settings modify --syslog-forwarding-enabled yes --zone <zone_name>

ADAudit Plus cuenta con la confianza de