Auditable Event Classes - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 5.3.x administrator guide (5697-0244, november 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
•
By default, all event classes are configured for audit; to create an audit event log for specific events,
you must explicitly set a filter via the class operand and then enable it.
•
Audited events are generated specific to a switch and have no negative impact on performance.
•
All Secure Fabric OS event are audited.
•
Events are not persistently stored on the switch but are streamed to a system message log.
•
The audit log depends on the system message log facility and IP network to send messages from the
switch to a remote host. Because the audit event log configuration has no control over these facilities,
audit events can be lost if the system message log and IP network facilities fail.
•
If too many events are generated by the switch, the system message log will become a bottleneck and
audit events will be dropped by the Fabric OS.
•
If the user name, IP address, or user interface is not transported an audit message is logged by adding
the message None to each of the respective fields.
•
For High Availability, the audit event logs exist independently on both active and standby CPs. The
configuration changes that occur on the active CP are propagated to the standby CP and take effect.
•
Audit log configuration is updated via a configuration download.
See the Fabric OS Command Reference Manual for more information about the auditCfg command and
command syntax.
Auditable event classes
You configure the audit log using the auditCfg command. Before configuring an audit log, you must
select the event classes you want audited. When enabled, the audit log feature audits any RASLOG
messages (system message log) previously tagged as AUDIT in Fabric OS v5.1.0, which includes:
•
SEC-3001 through SEC-3017
•
SEC-3024 through SEC-3029
•
ZONE-3001 through ZONE-3012
Table 6
identifies auditable event classes and auditCfg operands used to enable auditing of a specific
class.
Table 6
AuditCfg Event Class Operands
Operand
Event class
1
Zone
2
Security
3
Configuration
4
Firmware
5
Fabric
NOTE:
occur only on the active CP. Audit messages cannot originate from other blades in a chassis.
Description
Audit zone event configuration changes, but not the actual values
that were changed. For example, you a message might state,
"Zone configuration has changed," but the syslog does not
display the actual values that were changed.
Audit any user-initiated security event for all management
interfaces. For events that have an impact on an entire fabric, an
audit is generated only for the switch from which the event was
initiated.
Audit configuration downloads of existing SNMP configuration
parameters. Configuration uploads are not audited.
Audit firmware download start, firmware complete, and any other
errors encountered during a firmware download.
Audit administrative domain-related changes.
Only the active CP can generate audit messages because event classes being audited
Fabric OS 5.3.0 administrator guide
55
- Quick Links:
- Connecting to the Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
