Saving Security Logs Into The Security Log File - HP 5820X Switch Configuration Manual

Saving security logs into the security log file

Introduction
You can understand the device status, locate and troubleshoot network problems by viewing system
information, especially the security logs. Generally, all kinds of system information including security
logs is output into one folder, and it is difficult to recognize and check the security logs among all
kinds of system information.
This function enables the system to save the security logs into the security log file in a specific
directory without affecting the current output rules of the system information. It means that the system
picks up all security logs from the system information, copies and saves them into the security log file
in a specified directory when outputting the system information to different destinations. You can
perform centralized management to the security logs and view the security logs conveniently.
The configuration of this feature and the management of the security log file are separated, and the
security log file is managed by a privileged user. After logging in to the device, the administrator can
enable the saving of security logs into the security log file and configure related parameters by
executing the commands listed in
log administrator, can perform operations listed in
AAA local authentication and logging in to the device. Other users, including the system
administrator, cannot perform these operations to the security log file.
NOTE:
You can authorize a security log administrator by executing the authorization-attribute user-role
•
security-audit command in local user view.
The system administrator cannot view, copy, and rename the security log file; otherwise, the system
•
prompts "% Execution error". The system administrator can view, copy and rename other types of
files.
For the introduction and configuration of local user and AAA local authentication, see
•
Configuration Guide
Saving security logs into the security log file
With this feature enabled, when the system outputs the system information to a specified destination, it
copies the security logs at the same time and saves them into the security log file buffer. Then, the
system writes the contents of the security log file buffer into the security log file at a specified
frequency (the security log administrator can trigger the saving of security logs into the log file
manually). After the contents of the buffer are saved into the security log file successfully, the security
log file buffer is cleared immediately.
The size of the security log file is limited. When the size of the security log file reaches the predefined
maximum value, the system deletes the oldest information and then writes the new information into the
security log file. To avoid security log file loss, set the alarm threshold of the security log file usage.
When the alarm threshold is reached, the system outputs the log information to inform the
administrator. The administrator can log in to the device as the security log administrator, and then
back up the security log file, preventing the loss of important historical data.
By default, the saving of security logs into the security log file is disabled. The parameters, such as the
saving frequency, the maximum size and the alarm threshold of the security log file usage, have their
default settings. To modify these parameters, you must log in to the device as the system administrator,
and then follow the steps in
Table 12. However, only the privileged user, which is the security
.
Table 12 to configure the related parameters:
240
Table 13 to the security log file after passing the
Security