Before you start creating a monitoring plan to audit your EMC Isilon file storage system, plan for the account that will be used for data collection. The following scenarios are possible:
- Automatic configuration: you can use a special shell script for configuring an audited EMC Isilon cluster and granting necessary privileges to the account used to collect audit data.
- Manual configuration: you can grant all the necessary permissions to data collecting account manually. For that, ensure the account meets the requirements listed below.
On the target server:
- The account must be a member of the local Administrators group.
- The account requires Read permissions on the audited shared folders.
- The account requires Read permissions on the folder where audit events are logged (/ifs/.ifsvar/audit/)
To connect to EMC Isilon storage cluster, an account must be assigned a custom role (e.g., netwrix_audit) that has the following privileges:
Platform API (ISI_PRIV_LOGIN_PAPI) readonly Auth (ISI_PRIV_AUTH) readonly Audit (ISI_PRIV_AUDIT) readonly Backup (ISI_PRIV_IFS_BACKUP) readonly
See Configuring Your EMC Isilon Cluster for Auditing for more information.
NOTE: If you plan to connect to a cluster that works in the compliance mode, the account must meet additional requirements.