Article Number: 000010690
Dell Unity: How To Change the location of the Unity NAS Server Security Log file [c:security.evt] and increase the log size (User Correctable)
Summary: Change the location of the Unity NAS Server Security Log file [c:security.evt] and increase the log size.
Article Content
Instructions
If you do not allow any missing logs during these steps, stop access from users by means such as stopping associated shares, etc.
If you must backup the security.evt already in use, disable auditing and save the file in prior to the steps below.
For details, refer to
https://dl.dell.com/content/manual69194096-dell-emc-unity-family-configuring-hosts-to-access-smb-file-systems.pdf?language=en-us
Change the location of security.evt file from default ( \\SMB_server_netbios_name\C$\.etc\audit\security.evt ) to custom location on a NAS filesystem:
As Domain Admin, open the Windows Registry Editor: Start>Run>regedit and select "File -> "Connect Network Registry" and enter SMB server hostname/IPaddress/FQDN to connect:
Once connected you see the local and remote registry, expand the following tree and highlight "Security":
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Eventlog/Security
When the "File" entry is changed to a new location, the security file is created:
Path used is C:\UnityNASFS\1\security.evt.
Connect to the target CIFS server referring to https://support.emc.com/kb/501783.
Then navigate to Security, right-click it and Clear all Events in order for the change to take effect.
Change the size of the security.evt file from default size of 512 KB to a custom size:
The size can be changed in registry, a few lines under the "File" location, "MaxSize" can be specified.
The size of security.evt file can as well be specified by using "Event Viewer" on Windows.
Connect to remote computer and choose SMB server using hostname/IPaddress/FQDN:
Right-click Security and select properties:
If you have stopped associated shares or disabled auditing, enable auditing and start the associated shares again.
If you must backup the security.evt already in use, disable auditing and save the file in prior to the steps below.
For details, refer to
https://dl.dell.com/content/manual69194096-dell-emc-unity-family-configuring-hosts-to-access-smb-file-systems.pdf?language=en-us
Change the location of security.evt file from default ( \\SMB_server_netbios_name\C$\.etc\audit\security.evt ) to custom location on a NAS filesystem:
As Domain Admin, open the Windows Registry Editor: Start>Run>regedit and select "File -> "Connect Network Registry" and enter SMB server hostname/IPaddress/FQDN to connect:
Once connected you see the local and remote registry, expand the following tree and highlight "Security":
HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Eventlog/Security
When the "File" entry is changed to a new location, the security file is created:
Path used is C:\UnityNASFS\1\security.evt.
Connect to the target CIFS server referring to https://support.emc.com/kb/501783.
Then navigate to Security, right-click it and Clear all Events in order for the change to take effect.
Change the size of the security.evt file from default size of 512 KB to a custom size:
The size can be changed in registry, a few lines under the "File" location, "MaxSize" can be specified.
The size of security.evt file can as well be specified by using "Event Viewer" on Windows.
Connect to remote computer and choose SMB server using hostname/IPaddress/FQDN:
Right-click Security and select properties:
If you have stopped associated shares or disabled auditing, enable auditing and start the associated shares again.
Additional Information
NAS Server/SMB server and Filesystem used for this example are:
NAS Server = UnityNAS
SMB Server = \\unitynas.supportw2k8.muc.de
Filesystem = UnityNASFS
NAS Server = UnityNAS
SMB Server = \\unitynas.supportw2k8.muc.de
Filesystem = UnityNASFS
Article Properties
Affected Product
Dell EMC Unity Family
Product
Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, UnityVSA, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition
Last Published Date
23 May 2023
Version
5
Article Type
How To