Before you start creating a monitoring plan to audit your EMC Isilon file storage system, plan for the account that will be used for data collection. The following scenarios are possible:
- Automatic configuration: you can use a special shell script for configuring an audited EMC Isilon cluster and granting necessary privileges to the account used to collect audit data.
- Manual configuration: you can grant all the necessary permissions to data collecting account manually. For that, ensure the account meets the requirements listed below.
Starting with version 9.96, you can use group Managed Service Accounts (gMSA) as data collecting accounts.
These group Managed Service Accounts should meet the related requirements.
On the target server:
- The account must be a member of the local Administrators group.
- The account requires Read permissions on the audited shared folders.
- The account requires Read permissions on the folder where audit events are logged (/ifs/.ifsvar/audit/)
To connect to EMC Isilon storage cluster, an account must be assigned a custom role (e.g., netwrix_audit) that has the following privileges:
Platform API (ISI_PRIV_LOGIN_PAPI) readonly Auth (ISI_PRIV_AUTH) readonly Audit (ISI_PRIV_AUDIT) readonly Backup (ISI_PRIV_IFS_BACKUP) readonly
See Configuring Your EMC Isilon Cluster for Auditing for more information.
NOTE: If you plan to connect to a cluster that works in the compliance mode, the account must meet additional requirements.