cancel
Showing results for 
Search instead for 
Did you mean: 

datainsight, showing contents in workplace > contextmap

mesfun
Level 2

Hi everyone, symantec data insight 4.5 has been installed in our environment. Within Datainsight we ´ve just implemented and configured filer and several file servers. The system works fine and shows all scanned directories in file servers.

When workplace > contextmap shows file system structure from configured filer (vnx unified storage), many other directories (except currently existing once) are shown in the list. The directories could look like as below. What could this directories indicate?

please see attached image. I am more concerned of directories that start with @GMT....

DI-contextmap.PNG

8 REPLIES 8

Wally_Heim
Level 6
Employee

Hi mesfun,

The images don't seem to be working correctly.  Can you repost them so we can see what you are talking about?

Thank you,

Wally

Rod_p1
Level 6
Employee Accredited Certified

Hello Mesfun the images are not visible on my end. While we work to see if we can gain access to the directory you uploaded to can we  just export the  list using the disk icon at the bottom of the table?

contextmap_0.jpg


You will get an output similar to below:

"Analytics Data"
Path:,\\win2008r2nas\home


"Folder/File Name","Share Name","Filer Name","Type","FullPath","Total Activity","Total Activity (%)","Read","Write","Other","Active Files","Inactive Files","SensitiveFiles Files","Active Users","Size","Size(pretty)","Active size","Active size(pretty)","Inactive size","Inactive size(pretty)","DLP Policies Count","DLP Policies","Control Point","Control Point Count","Inferred Owner","Inferred Owner(login)","Custodians Count","Custodians","Custodians(login)","Files","Folders",
"GAvila","home","win2008r2nas","Windows File Server","\\win2008r2nas\home\GAvila","3118","0.17","1559","1559","0","222","0","0","1","1146118","1.093 MB","1146118","1.093 MB","0","0","0","","No","0","Gregg","GAvila@SAMGWIN.local","0","","","222","0",
"GDavis","home","win2008r2nas","Windows File Server","\\win2008r2nas\home\GDavis","2320","0.12","1242","1078","0","188","0","0","1","1127852","1.076 MB","1127852","1.076 MB","0","0","0","","No","0","Griselda","GDavis@SAMGWIN.local","0","","","188","0",
"GDodson","home","win2008r2nas","Windows File Server","\\win2008r2nas\home\GDodson","2162","0.12","1231","931","0","171","0","0","1","1122963","1.071 MB","1122963","1.071 MB","0","0","0","","No","0","Grisel","GDodson@SAMGWIN.local","0","","","171","0",
"GFields","home","win2008r2nas","Windows File Server","\\win2008r2nas\home\GFields","1624","0.09","901","723","0","103","0","0","1","1113369","1.062 MB","1113369","1.062 MB","0","0","0","","No","0","Gwen","GFields@SAMGWIN.local","0","","","103","0",
"GFox","home","win2008r2nas","Windows File Server","\\win2008r2nas\home\GFox","209163","11.16","119064","90099","0","1684","0","0","1","4216122","4.021 MB","4216122","4.021 MB","0","0","0","","No","0","Gregoria","GFox@SAMGWIN.local","0","","","1684","0",

 

We can then be better informed to answer your question on the additional directories you did not expect to see. In my example you will note that I have drill down capability into the substructure of the primary location of the context map as well.

Thanks Rod

mesfun
Level 2

Sorry for the image not been working, now I have attached a new image. It should just work.

Kimberley
Level 6
Partner

Hi @mesfun, I added your graphic in the body of your post, as well. 

Best,

Kimberley

Rod_p1
Level 6
Employee Accredited Certified

Mesfun these directories are likely system or application generated as they contain a time-stamp in the name. Can you elaborate on the owner of and events in these folders?

use the select columns in the context map and add them all and screen capture as below or better yet save to export a CSV file and message it to us.

cont1.jpg

I expect they are all identical and related to a system process or application user.

The implication in your question also implies that these are not visible on the device, share or the workspace view of the Symantec DataInsight (SDI) application. Is that true?

You may wish to have an open support case and an interactive session via webex or a similar meeting tool to cover the information. I'll monitor the post for your reply and you can message me a caseID if you go that route.

 

Thanks Rod

Rod_p1
Level 6
Employee Accredited Certified

As a quick note Mesfun, further research shows these directories as snapshot backups.

Ex:

 [user1@login1:~/work_dir/.snap> ls -apl
  total 1
  dr-xr-xr-x 44 root     root 32768 Nov 14 00:01 ./
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 ../
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.06-04.01.01/
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.08-04.01.01/
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.09-04.01.01/
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.10-04.01.01/
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.11-04.01.01/
  drwxr-xr-x  2 user1 unit  4096 Jun 11 11:54 @GMT-2014.10.12-04.01.01/ 

 

FYI, Rod

mesfun
Level 2

Thanks for all updates,

as Rod states the directories could be generated by system/application.

Yes, when navigating the share/file system, these directories (@GMT...) are not visible on the Windows explorer/cli.

Rod, (sorry for not giving clear picture of the issue) you mention snapshots, thus correct. Snapshot is implemented on the share/file system. We take hourly snapshots b/n 06:00 and 18:00, but I don´t find logic the way directories are shown in the list. Time stamp of directories should give mirror picture of the snapshot time which is hourly.

 

many regards

 

Rod_p1
Level 6
Employee Accredited Certified

Mesfun, in noting that each is a directory placeholder I wonder what the contents are for each shown. It may require interactive access to your desktop to see the actual representation.
 

I would assume you keep the snapshot for a period of time or that if you have a good one some older one can be removed. This assumption is due to the risk of filling the drive with unmonitored snaps as they build up in consumption of the filesystem.

I would expect that you could see the data and location in the Snapshot tool or a windows Explorer pointed to the CIFS share hosting the data.  There is a management plug-in (1) that allows review of the shares. Our workspace would be expected to allow you to drill down to directories and files that exist under the share and have not been excluded from scanning.

If you are auditing the share I expect the monitoring data would show create for these locations and their contents on the hourly completion cycle.

what do the files and directory hierarchy look like in the console view of the Array device itself?

I will enable snapshot on a lab server and see if i can duplicate your view as a method to understanding what you are seeing without connecting to your server.

 

Rod

(1)

MMC Snap-in

A plug-in to the Microsoft Management Console. These plug-ins can be arbitrarily grouped into a single, customized MMC view by using the mmc.exe /console command. Microsoft provides many such plug-ins, but third-party vendors such as EMC may also provide plug-ins to manage their own products.

EMC VNX File CIFS Management is an example of an MMC Snap-in that is provided by EMC.