EMC VNX 8.1
VNX for File
P/N 300-015-126 A01
2013 8
VNX for File Control Station SYSlog SYSlog Control Station Linux SYSlog ID LDAP SYSlog SYSlog SYSlog /nas/log/cmd_log /var/log/messages
Date/time stamp, Time zone, System ID (Serial number), EVENTID, Operation, Username, User ID, Log name, Original Celera Log Entry

Date/Time Stamp    Control Station
Time zone    Linux
System ID    /nas/sbin/serial
EVENTID
Operation
Username    /nas/site/user_db
User ID    ID
Log Name
Original Celera Log Entry    Celera

SYSlog

    May 18 18:32:14 nasdev244cs0 AUDIT_Messages.pl: 05/18/2010,18:32:14,EDT,ABC12345678901,1101,Succesful Login,root(uid=0)@local,0,/var/log/messages,May 18 18:32:02 nasdev244cs0 sshd(pam_unix)[16132]: session opened for user root by root(uid=0)

SYSlog Control Station SYSlog    May 18 18:32:14 nasdev244cs0 AUDIT_Messages.pl
Date/Time Stamp AUDIT    5/18/2010 18:32:14
Time zone    EDT
System ID    ABC12345678901
Event ID    1101
Operation    Successful Login
Username    root(uid=0)@local
User ID    0
Log Name    /var/log/messages
Original Celera Log Entry    May 18 18:32:02 nasdev244cs0 sshd(pam_unix)[16132]: session opened for user root by root(uid=0)

2

    May 18 18:32:32 nasdev244cs0 sshd[16348]: Accepted password for nasadmin from 128.222.7.47 port 2221 ssh2

    May 18 18:32:39 nasdev244cs0 AUDIT_Messages.pl: 05/18/2010,18:32:39,EDT,ABC12345678901,1103,Password for session accepted,root(uid=0)@local,0,/var/log/messages,may 18 18:32:32 nasdev244cs0 sshd[16348]: Accepted password for nasadmin from 128.222.7.47 port 2221 ssh2

1. root
2. Zip AUDIT_tool Control Station /etc/audit_tool
    cp -rf /<path>/audit_tool/ /etc/audit_tool/
3. AUDIT_tool
    cd
    ls
    AUDIT_cmd_bs AUDIT_messages.pl auto custom_cmd_log.csv File ReadMe.txt
    AUDIT_cmd.pl AUDIT_ms_bs cmd_log.csv custom_messages_log.csv messages_log.csv Time
4. AUDIT_ms_bs /etc/.audit_ms_bs '.'
    cp -f AUDIT_ms_bs /etc/.audit_ms_bs
5. AUDIT_cmd_bs /etc/.audit_cmd_bs '.'
    cp -f AUDIT_cmd_bs /etc/.audit_cmd_bs
6. /etc
    chmod u+x .audit_ms_bs
    chmod u+x .audit_cmd_bs
7. .AUDIT_ms_bs /etc/.audit_ms_bs B
8.
    tail -f /var/log/messages
8. /etc/inittab inittab
    # Run the Audit tool shell scripts
    aml:3:respawn:/etc/.audit_ms_bs
    acl:3:respawn:/etc/.audit_cmd_bs
9. inittab
    telinit q
SYSlog

1. loghost Control Station /etc/hosts
    #log host
    # Ipaddress (###.###.###) -- Fully qualified DNS name -- "loghost"
    128.001.1.1 rsyslog_host.company.com loghost
2. /etc/syslog.conf
    # write audit to remote log
    auth.notice @loghost
3. SYSlog
    /etc/service syslog restart

SYSlog

1. SYSlog /etc/sysconfig/syslog SYSLOGD_OPTIONS -r
    cat /etc/sysconfig/syslog
    SYSLOGD_OPTIONS r
    SYSLOGD_OPTIONS="-m 0 -r"
2.
3. SYSlog
    /etc/service syslog restart
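An added example, not part of the EMC document or the audit tool: a Python parser that a log host receiving these records could use, following the field order listed above and the two sample lines. The names parse_audit_line, FIELDS, RECORDS and lag_seconds are this example's own, and it assumes the original entry's stamp shares the audit stamp's year and time zone.

```python
import re
from datetime import datetime

# Field order from the page. The date/time stamp arrives as two
# comma-separated values, so each record carries ten values.
FIELDS = ("date", "time", "timezone", "system_id", "event_id", "operation",
          "username", "user_id", "log_name", "original_entry")

# Syslog prefix as in the page's samples: "Mon DD HH:MM:SS host AUDIT_Messages.pl: "
PREFIX = re.compile(r"^\w{3}\s+\d{1,2}\s[\d:]{8}\s(?P<host>\S+)\s"
                    r"AUDIT_Messages\.pl:\s(?P<body>.+)$", re.IGNORECASE)

def parse_audit_line(line):
    """Parse one forwarded audit record; return None for any other line."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    # Split on the first nine commas only: the embedded original log entry
    # is free text and may contain commas of its own.
    values = m.group("body").split(",", len(FIELDS) - 1)
    if len(values) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, values), host=m.group("host"))
    try:
        rec["audit_time"] = datetime.strptime(
            rec["date"] + " " + rec["time"], "%m/%d/%Y %H:%M:%S")
    except ValueError:
        return None  # malformed audit stamp: treat the line as not a record
    try:
        # The original entry has no year, so borrow it from the audit date (assumption).
        stamp = "%d %s" % (rec["audit_time"].year, rec["original_entry"][:15])
        seen = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        rec["lag_seconds"] = int((rec["audit_time"] - seen).total_seconds())
    except ValueError:
        rec["lag_seconds"] = None  # original entry has no syslog-style stamp
    return rec

# Constructed input: the page's two audit samples and one ordinary syslog line.
SAMPLE = [
    "May 18 18:32:14 nasdev244cs0 AUDIT_Messages.pl: 05/18/2010,18:32:14,EDT,ABC12345678901,1101,"
    "Succesful Login,root(uid=0)@local,0,/var/log/messages,May 18 18:32:02 nasdev244cs0 "
    "sshd(pam_unix)[16132]: session opened for user root by root(uid=0)",
    "May 18 18:32:39 nasdev244cs0 AUDIT_Messages.pl: 05/18/2010,18:32:39,EDT,ABC12345678901,1103,"
    "Password for session accepted,root(uid=0)@local,0,/var/log/messages,may 18 18:32:32 "
    "nasdev244cs0 sshd[16348]: Accepted password for nasadmin from 128.222.7.47 port 2221 ssh2",
    "May 18 18:32:32 nasdev244cs0 sshd[16348]: Accepted password for nasadmin "
    "from 128.222.7.47 port 2221 ssh2",
]
RECORDS = [r for r in map(parse_audit_line, SAMPLE) if r]
```

For the two sample records, lag_seconds is the gap between the original /var/log/messages entry and the audit record written for it.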
A Audit_messages

Audit_messages

-help
-scaninterval=<filename> 20 10 300
-userfile=<filename> custom_messages_log.csv
    EVENTID, UID_Valid, Operation, message_text
    EVENTID
    UID_Valid UID UID
    Operation
    message_text
-logfilename=<filename> /var/log/messages
-syslog_severity=<severity_level> SYSlog LOG_NOTICE
    LOG_EMERG --
    LOG_ALERT --
    LOG_CRIT --
    LOG_ERR --
    LOG_WARNING --
    LOG_NOTICE --
    LOG_INFO --
    LOG_DEBUG --
-syslog_facility=<facility_name> SYSlog LOG_AUTH
    LOG_AUDIT --
    LOG_AUTH LOG_AUTHPRIV
    LOG_CONSOLE -- /dev/console
    LOG_CRON -- cron at
    LOG_DAEMON --
    LOG_FTP -- FTP
    LOG_KERN --
    LOG_INSTALL --
    LOG_LAUNCHD -- launchd -
    LOG_LFMT -- logalert LOG_USER
    LOG_LOCAL0 LOG_LOCAL7 --
    LOG_LPR --
    LOG_MAIL --
    LOG_NETINFO -- NetInfo
    LOG_NEWS -- USENET
    LOG_NTP -- NTP
    LOG_RAS -- VPN/PPP
    LOG_REMOTEAUTH -- /
    LOG_SECURITY --
    LOG_SYSLOG -- syslogd
    LOG_USER --
    LOG_UUCP -- UUCP
-man
-debug
B .AUDIT_ms_bs

Linux Mac PC

1. vi vi
    vi .audit_ms_bs
2. UNIX
    :set fileformat=unix
3. Enter
4.
    :wq!
2011-2013 EMC Corporation. All Rights Reserved.