locked
Importing audit logs with NetApp in SCOM 2007 R2 RRS feed

  • Question

  • Good day!

    There is a NetApp V3140 I am using OnCommand-PlugIn-Microsoft_3.0_x64_NetApp tied to SCOM 2007 r2. In SCOM 2007 otobrazhayutsya log are associated with the hardware. The problem is this, how to get logs for auditing network drives with NetApp if they are not broadcast on the SNMP protocol. Using NetApp utilities maximum that I was able to unload this audit log to a separate network drive, but how their network drive with this load in SCOM not know. Show you how to do this if this is possible and whether it is possible to associate with NetApp Microsoft Audit Collection Services.

    Thanks! Sorry for my english.

    Tuesday, December 27, 2011 1:28 PM

Answers

  • Hi, just trying to figure out what you are trying to do here.
    Normally what you would do is create some luns and such on the netapp and give it to a windows box. The windows box creates a disk on it with NTFS. In windows you can set auditing to enabled and apply some auditing to the folders on that disk. They will appear in windows security log. Which you can bring to SCOM, either through event log monitors/rules or ACS.
    Bob Cornelissen - BICTT (My Blog about SCOM) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Yog Li Thursday, January 5, 2012 3:56 AM
    Wednesday, December 28, 2011 7:36 AM
  • Hi,

    @Bob: It could be used as a NAS.

    If so - there is no easy way to get an audit logs into ACS. You'll need to develop some in-house software that can query a NetApp device for logs and publish this logs somehow for ACS forwarder (write to eventlog). This is a labour-intensive task (and could be expensive as well).


    http://OpsMgr.ru/
    • Marked as answer by Yog Li Thursday, January 5, 2012 3:56 AM
    Saturday, December 31, 2011 5:42 AM

All replies

  • Hi, just trying to figure out what you are trying to do here.
    Normally what you would do is create some luns and such on the netapp and give it to a windows box. The windows box creates a disk on it with NTFS. In windows you can set auditing to enabled and apply some auditing to the folders on that disk. They will appear in windows security log. Which you can bring to SCOM, either through event log monitors/rules or ACS.
    Bob Cornelissen - BICTT (My Blog about SCOM) - Microsoft Community Contributor 2011 Recipient
    • Marked as answer by Yog Li Thursday, January 5, 2012 3:56 AM
    Wednesday, December 28, 2011 7:36 AM
  • Hi,

    @Bob: It could be used as a NAS.

    If so - there is no easy way to get an audit logs into ACS. You'll need to develop some in-house software that can query a NetApp device for logs and publish this logs somehow for ACS forwarder (write to eventlog). This is a labour-intensive task (and could be expensive as well).


    http://OpsMgr.ru/
    • Marked as answer by Yog Li Thursday, January 5, 2012 3:56 AM
    Saturday, December 31, 2011 5:42 AM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as "Answered" as the previous steps should be helpful for many similar scenarios.

    In addition, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

    Thanks,


    Yog Li

    TechNet Community Support

    Thursday, January 5, 2012 3:56 AM