HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual page 53
Hp storageworks fabric os 6.1.1 administrator guide (5697-0235, december 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (576 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
NOTE:
Only the active CP can generate audit messages because event classes being audited occur only
on the active CP. Audit messages cannot originate from other blades in a Director.
Audit events have the following message format:
AUDIT, <Timestamp>, [<Event ID>], <Severity>, <Event Class>, <User ID>/<Role>/<IP
address>/<Interface>,<Admin Domain>/<Switch name>,<Reserved>,<Event-specific
information>
Switch names are logged for switch components and Director names for Director components. For
example, a Director name may be FWDL or RAS and a switch component name may be zone, name
server, or SNMP.
Pushed messages contain the administration domain of the entity that generated the event. See the Fabric
OS Message Reference for details on message formats.
Audit logging assumes that your syslog is operational and running. Before configuring an audit log, you
must perform the following steps to ensure that the host syslog is operational.
To verify host syslog prior to configuring the audit log:
1.
Set up an external host machine with a system message log daemon running to receive the audit events
that will be generated.
2.
On the switch where the audit configuration is enabled, issue the syslogdipaddrAdd command to
add the IP address of the host machine so that it can receive the audit events.
You can use IPv4, IPv6, or DNS names for the syslogdipaddrAdd command.
3.
Ensure the network is configured with a network connection between the switch and the remote host.
4.
Check the host SYSLOG configuration. If all error levels are not configured, you may not see some of
the audit messages.
To configure an audit log for specific event classes:
See the Fabric OS Command Reference for more information about the auditCfg command and
command syntax.
1.
Connect to the switch from which you wish to generate an audit log and log in using an account
assigned to the admin role.
2.
Issue the auditCfg
--
switch:admin> auditcfg --class 2,4
Audit filter is configured.
The auditCfg event class operands are identified in
3.
Issue the auditCfg
--
configured in
step
2.
switch:admin> auditcfg --enable
Audit filter is enabled.
To disable an audit event configuration, issue the auditCfg
4.
Issue the auditCfg
--
event classes are being audited, and the correct filter state appears (enabled or disabled).
switch:admin> auditcfg --show
Audit filter is enabled.
2-SECURITY
4-FIRMWARE
class command, which defines the specific event classes to be filtered.
enable command, which enables audit event logging based on the classes
show command to view the filter configuration and confirm that the correct
Table
5.
disable command.
--
Fabric OS 6.1.1 administrator guide
53
Advertisement
Table of Contents
