For EMC Isilon Auditing

Before you start creating a monitoring plan to audit your EMC Isilon file storage system, plan for the account that will be used for data collection. The following scenarios are possible:

  • Automatic configuration: you can use a special shell script for configuring an audited EMC Isilon cluster and granting necessary privileges to the account used to collect audit data.
  • Manual configuration: you can grant all the necessary permissions to the data collecting account manually. For that, ensure the account meets the requirements listed below.

On the target server:

  1. The account must be a member of the local Administrators group.
  2. The account requires Read permissions on the audited shared folders.
  3. The account requires Read permissions on the folder where audit events are logged (/ifs/.ifsvar/audit/).
  4. To connect to the EMC Isilon storage cluster, the account must be assigned a custom role (e.g., netwrix_audit) that has the following privileges:

    Platform API (ISI_PRIV_LOGIN_PAPI) readonly
    Auth (ISI_PRIV_AUTH) readonly
    Audit (ISI_PRIV_AUDIT) readonly
    Backup (ISI_PRIV_IFS_BACKUP) readonly

    See Configuring Your EMC Isilon Cluster for Auditing for more information.

    NOTE: If you plan to connect to a cluster that runs in compliance mode, the account must meet additional requirements.
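
The privilege list in requirement 4 can be checked for drift with a short script. The following is an added example, not part of the product or its configuration script: it flags privileges that are missing, granted read-write instead of readonly, or present beyond the four listed. The function name `check_audit_role` and the input shape (a dict with a `privileges` list of `id`/`read_only` entries) are assumptions, and the sample roles are constructed.

```python
# Added example: least-privilege check for the custom audit role.
# Assumption: the role is a dict whose "privileges" list holds
# {"id": <privilege id>, "read_only": <bool>} entries.

REQUIRED_READONLY = {
    "ISI_PRIV_LOGIN_PAPI",  # Platform API
    "ISI_PRIV_AUTH",        # Auth
    "ISI_PRIV_AUDIT",       # Audit
    "ISI_PRIV_IFS_BACKUP",  # Backup
}


def check_audit_role(role):
    """Compare a role's privileges with the four readonly ones required."""
    granted = {}  # privilege id -> True only if every grant is readonly
    for priv in role.get("privileges", []):
        pid = str(priv["id"]).strip().upper()
        # Fail closed: an entry without "read_only" counts as read-write.
        read_only = bool(priv.get("read_only", False))
        granted[pid] = granted.get(pid, True) and read_only
    have = set(granted)
    missing = sorted(REQUIRED_READONLY - have)
    writable = sorted(p for p in REQUIRED_READONLY & have if not granted[p])
    extra = sorted(have - REQUIRED_READONLY)
    return {
        "missing": missing,    # required privilege not assigned
        "writable": writable,  # required privilege assigned read-write
        "extra": extra,        # privilege the audit role does not need
        "compliant": not (missing or writable or extra),
    }


# Constructed sample roles (not taken from a real cluster).
GOOD_ROLE = {"name": "netwrix_audit", "privileges": [
    {"id": p, "read_only": True} for p in sorted(REQUIRED_READONLY)]}
DRIFTED_ROLE = {"name": "netwrix_audit", "privileges": [
    {"id": "ISI_PRIV_LOGIN_PAPI", "read_only": True},
    {"id": "ISI_PRIV_AUTH", "read_only": True},
    {"id": "ISI_PRIV_AUDIT", "read_only": False},  # widened to read-write
    {"id": "ISI_PRIV_SMB", "read_only": True},     # not needed for auditing
]}

if __name__ == "__main__":
    for label, role in (("good", GOOD_ROLE), ("drifted", DRIFTED_ROLE)):
        print(label, check_audit_role(role))
```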