Is it possible using SCOM to monitor audit events from Windows Shares mounted on EMC storage? And if so, any pointers to how?
I am about to start researching monitoring EMC storage as well. As we start down the path of monitoring things like this, the one thing I am being drawn to is Silect MP Studio. They have a webinar on SNMP monitoring, which it is looking like I will need to use for a few things I wish to monitor. You could likely get by with their MP Author, which is cheaper, but the added feature of being able to do a synthetic deployment of an MP and see how many alerts it is going to cause before I deploy it seems quite valuable. I also know there will be those that recommend using fragments, as Kevin Holman has shown in multiple webinars, but if you watch some of them, he mentions using Silect to help write the fragments in one of them, so I am thinking why not have it and be able to do whatever I need to.
The only issue with SNMP monitoring that I have found is that you are restricted by what they expose via SNMP. The Isilon MP I wrote was a case in point, where I had to find alternatives for some things that EMC didn’t expose via SNMP, like the shares and node pools. F5, whose SNMP exposure is one of the better ones, had a few limitations too!
Not sure if this helps: https://www.youtube.com/watch?v=Ogzlnqo7E4g
I’m specifically looking to monitor Share and NTFS permissions on an EMC filesystem, potentially via PowerShell as an on-demand task in Squared Up. We’re capturing Security Events that are visible through MMC, but as it’s not a real Windows Share mounted on a Windows VM, I’m not sure how I’d get SCOM to pick those up.
Thanks Jelly and Rick. That Security Management Pack looks like a must-have.
OK, frustrating afternoon mucking about with the EMC cmdlets to try and get the Share ACLs using PowerShell. I’ve managed to get SCOM to force PowerShell to use 64-bit, as it didn’t work in 32-bit, and I can get the EMC cmdlets to install in the session, but when I try Show-ShareAcl -ServerName XXXX -ShareName XXXX it doesn’t return any output.
I need to find a way of getting the Share permissions on EMC so we can see if they’re changed. What’s going to be the easiest, fastest solution? PowerShell, SNMP or something else? Ruben’s https://4sysops.com/archives/use-powershell-and-scom-to-find-file-shares-with-weak-permissions/ is awesome and will be really useful for other file shares. If I could somehow get that to work on EMC shares, that would be perfect!