User Behavior Auditing and Analysis

User Behavior Auditing allows the ability to track how end users interact with data stored on Brickstor SP.

User Behavior logs the operations for each file made by applications and users, such as file creation, movement, deletions, etc.

BrickStor displays this information in real-time reports and graphs.

Enable User Behavior at the pool level or the dataset level:

  • BrickStor SP logs the behavior of users at the system level where it was configured and its descendants.

    • For example, if User Behavior at the Pool Level is enabled, it is also enabled for all datasets within that pool.

By default, the system stores user behavior data in the meta dataset of the pool.

Enabling User Behavior

To enable User Behavior, complete the following steps:

  1. In BrickStor SP Manager, select either a pool or dataset.

  2. In the Details pane, select the Sharing tab.

  3. Under User Behavior, click the toggle button to On.

    Enabling User Behavior

  4. In the Changes pane, click Commit Changes.

    Enable User Behavior Commit

User Behavior Audit

After User Behavior is enabled, BrickStor SP displays an overview of all user actions initiated from that point.

View the following information in the User Behavior Audit.

Accessing the User Behavior Audit

To view the User Behavior Audit, complete the following steps:

  1. In the Connections pane, select either a pool or dataset.

  2. In the Details pane, select the User Behavior tab.

    Selecting the User Behavior Audit Tab

    Most of the content here can be clicked on and will lead to the Activity page.

Forwarding User Behavior

The user behavior activity can be forwarded to a SIEM or log centralization for off system processing and analysis. To configure UBA to forward to another host, begin by running setup.

root@bsr-3841af53:~# setup
RackTop Cyberconverged NAS
Setup Utility
Copyright 2022 RackTop Systems, Inc.

 Main Menu

 1. Configure RMM interface.
  2. Configure nodename.
  3. Configure network interface.
  4. Configure aggregate network interface.
  5. Configure NTP settings.
  6. Configure DNS settings.
  7. Disable system service connections to the Internet.
  8. Configure TimeZone.
  9. Restart appliance.
10. System Information and Administration.
11. Exit Setup Utility.

Select menu option and press enter or press enter to exit.

  • Select Option 10, and press Enter.

Use CTRL-C to exit at anytime. 
RackTop Cyberconverged NAS
Setup Utility
Copyright 2022 RackTop Systems, Inc.

 System Information and Administration Menu

 1. Operating System Version.
  2. Hardware list.
  3. Additional System Information
  4. License Information
  5. Show interface links.
  6. Change local password.
  7. Add local User account.
  8. Remove local User account.
  9. Review current state of services.
  10. Enable or disable service.
  11. Add system to Active Directory.
  12. Check Active Directory.
  13. IO Status Check.
  14. Configure Syslog Forwarding.
  15. Add a license key to system.
  16. Upgrade operating system.
  17. Support Bundle.
  18. Start a shell.

 Please select menu option and press enter or press enter to return to main menu.

  • In the System Information and Administration Menu, select 14 - Configure Syslog Forwarding, and press Enter.

1. Syslog forwarding.
  2. UB forwarding.
  3. Disable Syslog forwarding.
  4. Disable UB forwarding.

 Select option above:

  • Select 2 - UB forwarding, and press Enter.

What protocol would you like to use: (options: tcp/udp)

  • Enter tcp, and press Enter.

  What is the IP Addess to the server that you would like to send to:

  • Enter <IP of Your BrickStor SP>, and press Enter.