Configuring Web User Activities To Report To Syslog - AudioCodes Mediant 800B User Manual

User's Manual

54.2.2 Configuring Web User Activities to Report to Syslog

The device can report operations (activities) performed in the Web interface by
management users, by including them in Syslog messages. The Syslog message indicates
these logs with the string, "Activity Log". Each logged user activity includes the following
information:

Username (e.g., "Admin") of the user that performed the action

IP address of the client PC from where the Web user accessed the management
interface

Protocol used for the session (e.g., SSH or HTTP)
The following example shows a Web-user activity log (indicating a login action) with the
above-mentioned information:
14:07:46.300 : 10.15.7.95 : Local 0
[BID=3aad56:32]
10.15.7.95:80. User: Admin. Session: HTTP (10.13.22.54)
The device can report the following Web user activities:

Modifications of individual parameters, for example:
14:33:00.162 : 10.15.7.95 : Local 0
[BID=3aad56:32]
from '3' to '2'. User: Admin. Session: HTTP (10.13.22.54)

Modifications of table fields, and addition and deletion of table rows, for example:
14:42:48.334 : 10.15.7.95 : NOTICE
Activity Log: Classification - remove line 2. User: Admin.
Session: HTTP (10.13.22.54)

Entered CLI commands (modifications of security-sensitive commands are logged
without the entered value).

Configuration file load (reported without per-parameter notifications).

Auxiliary file load and software update.

Device reset and burn to flash memory.

Access to unauthorized Web pages according to the Web user's access level.

Modifications of "sensitive" parameters.

Login and logout.

Actions that are not related to parameter changes (for example, file uploads, file
delete, lock-unlock maintenance actions, LDAP clear cache, register-unregister, and
start-stop trunk. In the Web, these actions are typically done by clicking a button (e.g.,
the LOCK button).
For more information on each of the above listed options, see ''Syslog, CDR and Debug
Parameters'' on page 935.
You can also configure the device to send an SNMP trap each time a user performs an
activity. To enable trap notification, use the parameter, EnableActivityTrap (see
''Configuring SNMP Community Strings'' on page 90).
Notes:
•
You can also view logged user activities in the Web interface (see ''Viewing Web
User Activity Logs'' on page 877).
•
Logging of CLI commands can only be configured through CLI or ini file.
Version 7.0
Activity Log: WEB: Successful login at
Activity Log: Max Login Attempts was changed
873
54. Syslog and Debug Recording
:NOTICE : [S=3149]
:NOTICE : [S=3403]
: [S=3546] [BID=3aad56:32]
Mediant 800B Gateway and E- SBC