You can configure your file shares for monitoring in one of the following ways:
- Automatically when creating a monitoring plan (partially). Only audit settings for file shares will be configured.
If you select to automatically configure audit in the target environment, your current audit settings will be periodically checked and adjusted if necessary.
NOTE: This method is recommended for evaluation purposes in test environments.
To configure EMC Celerra/VNX/VNXe for auditing, perform the following procedures:
- Configure Security Event Log Maximum Size to avoid overwriting the security logs. It is recommended to set the security log size to the maximum (4GB).
By default, the security log is set to overwrite events that are older than 10 days, and its size is set to 512 KB. The default location for the security.evt log is C:\security.evt, which corresponds to the root partition of the Data Mover. To be able to increase the security log size, you must move it from the Data Mover root folder.
- Configure Audit Object Access Policy. Set the Audit object access policy to "Success" and "Failure" in the Group Policy of the OU that your EMC VNX/VNXe/Celerra appliance belongs to.
For more information on VNX/VNXe/Celerra GPO support, refer to documentation provided by EMC.
- Configure Audit Settings for CIFS File Shares on EMC VNX/VNXe
NOTE: If your file shares contain symbolic links and you want to collect state-in-time data for these shares, the local-to-local, local-to-remote, remote-to-local, and remote-to-remote symbolic link evaluations must be enabled on the computer that hosts Netwrix Auditor Server. See Enable Symbolic Link Evaluations for more information.
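The symbolic link requirement in the note above can be checked and applied on the Netwrix Auditor Server host with the built-in `fsutil` tool. The script below is an added example, not part of the Netwrix documentation; it assumes an elevated PowerShell session and English-language `fsutil` output.

```powershell
# Added example (not from the Netwrix documentation).
# Run in an elevated PowerShell session on the Netwrix Auditor Server host.
# Assumes English-language fsutil output.

# fsutil's short mode names mapped to the wording of its query output.
$modes = [ordered]@{
    L2L = 'Local to local'
    L2R = 'Local to remote'
    R2L = 'Remote to local'
    R2R = 'Remote to remote'
}

function Get-SymlinkEvaluationState {
    # fsutil prints one line per mode, for example:
    #   "Remote to local symbolic links are disabled."
    $output = & fsutil.exe behavior query SymlinkEvaluation
    $state = [ordered]@{}
    foreach ($mode in $modes.Keys) {
        $line = $output | Where-Object { $_ -like "$($modes[$mode])*" } |
            Select-Object -First 1
        if (-not $line) { throw "No fsutil output line found for $mode" }
        $state[$mode] = [bool]($line -match '\benabled\b')
    }
    return $state
}

$state = Get-SymlinkEvaluationState
$disabled = @($modes.Keys | Where-Object { -not $state[$_] })

if ($disabled.Count -eq 0) {
    Write-Output 'All four symbolic link evaluations are enabled.'
} else {
    Write-Output "Disabled evaluations: $($disabled -join ', ')"
    # Windows leaves R2L and R2R off by default, so these two are the
    # ones usually reported here. Turn all four on explicitly.
    & fsutil.exe behavior set SymlinkEvaluation L2L:1 L2R:1 R2L:1 R2R:1
    if ($LASTEXITCODE -ne 0) { throw "fsutil failed with exit code $LASTEXITCODE" }

    # Re-read the setting to confirm the change took effect.
    $after = Get-SymlinkEvaluationState
    $still = @($modes.Keys | Where-Object { -not $after[$_] })
    if ($still.Count -gt 0) {
        throw "Still disabled (check for a Group Policy override): $($still -join ', ')"
    }
    Write-Output 'All four symbolic link evaluations are now enabled.'
}
```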
To configure EMC Unity storage system audit, take the steps described in this Netwrix Knowledge Base article.