Home > Storage > PowerScale (Isilon) > Product Documentation > Security and Compliance > File System Auditing with Dell EMC PowerScale and Dell EMC Common Event Enabler > Configure Dell EMC CEE event forwarding
The CEE needs to be configured with an audit endpoint to forward events. The CEE configuration changes are performed using Windows Registry Editor (regedit):
1. Open the registry (select “Start > Run > regedit”).
2. Locate the following key: HKLM\Software\EMC\CEE\CEPP\Audit\Configuration.
3. Enable audit by setting the registry key – Enabled to 1 (REG_DWORD)
[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] Enabled = (REG_DWORD) 0x00000001
4. Edit the endpoint string value as shown in 7:
3rd audit application |
Configuration on CEE event forwarding |
Varonis DatAdvantage |
If the Varonis Probe is installed on the same machine, set the value to Varonis. If the Varonis Probe is installed on another machine, set the value to Varonis@<ProbeIP>, where <ProbeIP> is the IP address of the Varonis Probe server. |
STEALTHbits StealhAUDIT |
Set Value to SteathAUDIT |
5. Restart Dell EMC Celerra® Antivirus Agent (CAVA) service by the following command:
net stop “emc cava”
net start “emc cava”
The followings show an example of adding a local endpoint for Varonis DatAdvantage:
[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = (REG_SZ) Varonis
The followings show an example of adding a remote endpoint for Varonis DatAdvantage:
[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = (REG_SZ) Varonis@10.aaa.xxx.yyy
The followings show an example of adding multiple remote endpoints for Varonis DatAdvantage:
[HKEY_LOCAL_MACHINE\SOFTWARE\EMC\CEE\CEPP\Audit\Configuration] EndPoint = (REG_SZ) Varonis@192.168.22.3;Varonis@192.168.33.2