You can collect resource activity on local managed Windows servers, SharePoint farms, and supported NetApp and EMC managed hosts.
Note: Limitations with collecting resource activity on EMC storage devices:
- EMC activity collection requires that EMC CEE 7.1 is installed on the same server as the Data Governance agent.
- EMC VNX activity collection by Data Governance agents is not supported for storage devices with multiple CIFS exposed virtual data movers.
- Resource activity collection and real-time security updates are not supported for EMC Isilon NFS managed hosts.
- If Change Auditor is configured to collect activity from your EMC device via the Quest Shared EMC Connector, and you would like activity collection/aggregation in Data Governance Edition, you MUST configure Data Governance Edition to collect activity directly from Change Auditor. You will not be able to collect activity from your EMC device with both Change Auditor and Data Governance Edition.
When enabled, you can configure to collect data on identities, reads, writes, creates, deletes, renames, and security changes on securable objects. Resource activity summary information is used to calculate ownership and for generating activity-related reports, including
Important: By default, the collection of resource activity is disabled. You can enable it when you configure your managed hosts. However, collecting resource activity on your managed hosts impacts network usage and increases load on the Resource Activity database server and Data Governance server, especially when collecting activity on large busy servers. Configuring the proper exclusions and aggregation is important to limit some of this load. You should carefully plan out which servers you want to collect activity on and enable it only on those machines.
If you are collecting resource activity, it is recommended that you set up a scheduled execution of the activity database compression utility. This utility compresses the activity in your database that is older than a certain age and optionally purges entries that are even older. This is essential in ensuring your database remains manageable. For more information on the activity database compression utility, see the One Identity Manager Data Governance Edition Technical Insight Guide.
Note: Data Governance Edition may report certain operations in unexpected ways. For example, in some instances a file rename operation may be represented as a delete and a create. This is normal behavior and depends on the system, or in some cases, the applications being used to interact with the resources.
Note: The time stamps for resource activity are based on the agent local time.
The Resource Activity page on the Managed Host Settings dialog contains the following information and options to configure the collection and aggregation of resource activity.
|No activity (scheduled security scans only)||
Use this option if you do not want to collect resource activity for the target managed host.
NOTE: For all types of managed hosts, this option is selected by default indicating that resource activity in not being collected for the target managed host.
|Collect and aggregate events||
Select this option to collect resource activity for the target managed host. When this option is selected, you can configure the events to be collected and the aggregation interval to be used to compress the activity data.
NOTE: For SharePoint farm managed hosts, native SharePoint auditing must be enabled in order to collect resource activity.
NOTE: For NetApp managed hosts, the FPolicy settings control the activity sent to the agent, unless resource activity is being collected directly from Change Auditor. For more information, see FPolicy deployment.
NOTE: For EMC Celerra/VNX devices, you must configure the cepp.conf. For more information, see Creating the cepp.conf file (Celerra or VNX devices).
NOTE: For EMC Isilon CIFS devices, you must enable auditing. For more information, see Enabling system configuration auditing (Isilon devices).
NOTE: When using Change Auditor to collect resource activity, this option is selected by default.
Select or clear the check boxes to specify the type of events to be included in the resource activity collection process:
NOTE: When resource activity collection is enabled, read operations are not collected by default. Care should be taken when enabling read operations because they may cause performance issues.
Select how often you would like to aggregate the data. Valid aggregation intervals are:
All activity is aggregated within the set time frame, which is 8 hours by default. For example, if a user reads a file ten times within the time frame, it appears as a single line item with a count of 10.
The aggregation interval should be chosen carefully. A shorter interval gives more granular information about activities but can cause the size of the database to use up all the disk space on the server.
NOTE: When using Change Auditor to collect resource activity, the aggregation setting is not available. Change Auditor is configured to collect events every 15 minutes on all managed hosts.
Resource Activity Exclusions
Click this button to specify the accounts, file extensions, and folders to be excluded from the resource activity collection process. By focusing on the objects in whose activity you are interested, you can reduce network traffic.
Certain well known system accounts, file extensions, and folders are excluded by default, such as:
By default, the Data Governance agent excludes the run as account (local managed hosts) and the domain service account (remote managed hosts) from activity collection and aggregation regardless if the service account is specified in the Resource Activity Exclusions list. The service account for SharePoint farm managed hosts are not excluded by default; you will need to add the SharePoint service account manually for SharePoint farm managed hosts.
To see the full list, click the Resource Activity Exclusions button.
NOTE: When using Change Auditor to collect resource activity, the Resource Activity Exclusions feature is not available.
For EMC Celerra/VNX hosts, this button allows you to view or update the cepp.conf file for the selected data mover.
Clicking this button displays a Logon Credentials dialog allowing you to enter the EMC Celerra/VNX control station credentials and to select the data mover to be scanned.
The client then retrieves and displays the cepp.conf file from the selected data mover. You can edit the Proposed cepp.conf file (lower pane) as needed. To save your edits, select Update File. The client then sends the Proposed cepp.conf file to the EMC device. It will stop and start the cepp service for the selected data mover to apply the new cepp.conf file.
Click the Check Status button to retrieve the same information you wold get if you ran "server_cepp server_2-pool-info" on the EMC device.