GE Multilink ML810 Instruction Manual page 117

CHAPTER 6: ACCESS CONSIDERATIONS
Example 6-6: Security log commands
ML810#
S Date
- ----
I 12-07-2004 9:01:34 A.M CLI:manager console login
I 12-07-2004 5:54:23 P.M SNTP:Date and Time updated from SNTP server
I 12-08-2004 6:09:00 P.M SNTP:Date and Time updated from SNTP server
I 12-09-2004 1:48:56 P.M TELNET:Telnet Session Started
I 12-09-2004 1:49:23 P.M CLI:manager console login
I 12-09-2004 4:26:26 P.M TELNET:Telnet Session Started
I 12-09-2004 4:26:34 P.M CLI:manager console login
I 12-09-2004 6:23:37 P.M SNTP:Date and Time updated from SNTP server
I 12-10-2004 6:38:13 P.M SNTP:Date and Time updated from SNTP server
I 12-11-2004 10:16:24 A.M TELNET:Telnet Session Started
I 12-11-2004 6:52:49 P.M SNTP:Date and Time updated from SNTP server
I 12-12-2004 12:40:35 P.M TELNET:Telnet Session Started
I 12-12-2004 12:40:42 P.M CLI:manager console login
A 12-17-2004 12:05:52 P.M PS:INTRUDER 00:e0:29:6c:a4: fd@port11, packet dropped
A 12-17-2004 12:07:04 P.M PS:INTRUDER 00:50:0f:02:33: b6@port15, packet dropped
A 12-17-2004 12:07:16 P.M PS:INTRUDER 00:e0:29:2a:f0: 3a@port15, packet dropped
ML810#
Clear Logged Events? ['Y' or 'N']
ML810#
S Date
- ----
A 12-17-2004 12:05:52 P.M PS:INTRUDER 00:e0:29:6c:a4: fd@port3, packet dropped
MULTILINK ML810 MANAGED EDGE SWITCH – INSTRUCTION MANUAL
CONFIGURING PORT SECURITY THROUGH THE COMMAND LINE INTERFACE
(such as unexpected behavior). The specific types of logs can be viewed and cleared. The
command displays the log information and the
show log
the log entries. The syntax for these commands is shown below:
show log [1..5|informational|debug|fatal |critical|activity]
clear log [informational|debug|activity |critical|fatal]
The command set the number of lines to be collected in the log before the
set logsize
oldest record is re-written. The syntax for this command is:
set logsize size=<1-1000>
Example 6-6 illustrates the
command indicates the type of log activity in the S column. I indicates informational
entries and A indicates activities which are a result of port-security setup. Notice the
clear log informational
The log shows the most recent intrusion at the top of the listing. If the log is filled when the
switch detects a new intrusion, the oldest entry is dropped off the listing.
As discussed in the prior section, any port can be set to monitor security as well as make a
log on the intrusions that take place. The logs for the intrusions are stored on the switch.
When the switch detects an intrusion on a port, it sets an "alert flag" for that port and
makes the intrusion information available.
The default log size is 50 rows. To change the log size, use the
When the switch detects an intrusion attempt on a port, it records the date and time
stamp, the MAC address, the port on which the access was attempted and the action
taken by ML810 software. The event log lists the most recently detected security violation
attempts. This provides a chronological entry of all intrusions attempted on a specific port.
show log
Time Log Description
---- ---------------
clear log informational
show log
Time Log Description
---- ---------------
and
show log clear log
command clears the informational entries only.
command clears
clear log
commands. The
show log
command.
set logsize
6–9