Managing Security Logs And The Security Log File; Saving Security Logs Into The Security Log File - HP 5500 EI Series Configuration Manual
Hide thumbs
Also See for 5500 EI Series:
- Configuration manual (424 pages) ,
- Installation manual (69 pages) ,
- Specifications (47 pages)
Table of Contents
Advertisement
Managing security logs and the security log file
Security logs are very important for locating and troubleshooting network problems. Generally, security
logs are output together with other logs. It is difficult to identify security logs among all logs.
To solve this problem, you can save security logs into a security log file without affecting the current log
output rules.
The configuration of this feature and the management of the security log file are separate, and the
security log file is managed by a privileged user. After logging in to the device, the administrator can
enable the saving security logs into the security log file and configure related parameters. However, only
the privileged user, known as the security log administrator, can perform operations on the security log
file. The privileged user must pass AAA local authentication and log in to the device. No other users
(including the system administrator) can perform operations on the security log file.
A security log administrator is a local user who is authorized by AAA to play the security log
administrator
authorization-attribute user-role security-audit command in local user view.
The system administrator cannot view, copy, and rename the security log file. If they try, the system
displays an "% Execution error" message. The system administrator can view, copy and rename other
types of files.
For more information about local user and AAA local authentication, see Security Configuration Guide.
Saving security logs into the security log file
If this feature is enabled, the system first outputs security logs to the security log file buffer, and then saves
the logs in the security log file buffer into the security log file at a specified interval (the security log
administrator can also manually save security logs into the log file). After the logs are saved, the buffer
is cleared immediately.
The size of the security log file is limited. When the maximum size is reached, the system deletes the
oldest logs and writes new logs into the security log file. To avoid security log loss, you can set an alarm
threshold for the security log file usage. When the alarm threshold is reached, the system outputs a
message to inform the administrator. The administrator can log in to the device as the security log
administrator and back up the security log file to prevent the loss of important data.
By default, security logs are not saved into the security log file. The parameters, such as the saving
interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters,
log in to the device as the system administrator, and then follow the steps in the following table to
configure the related parameters:
To save security logs into the security log file:
Step
1.
Enter system view.
role.
You
can
authorize
Command
system-view
a
security
log
administrator
Remarks
N/A
49
by
executing
the
- Quick Links:
- Configuration Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
