Verifying Host Syslog Prior To Configuring The Audit Log; Configuring An Audit Log For Specific Event Classes - HP StoreFabric SN6500B Administrator's Manual
Fabric os administrator's guide, 7.1.0 (53-1002745-02, march 2013)
Hide thumbs
Also See for StoreFabric SN6500B:
- Update manual (9 pages) ,
- Administrator's manual (108 pages) ,
- Quickspecs (24 pages)
Table of Contents
Advertisement
3
Audit log configuration
NOTE
Only the active CP can generate audit messages because event classes being audited occur only on
the active CP. Audit messages cannot originate from other blades in a Backbone.
Switch names are logged for switch components and Backbone names for Backbone components.
For example, a Backbone name may be FWDL or RAS and a switch component name may be zone,
name server, or SNMP.
Pushed messages contain the administrative domain of the entity that generated the event. Refer
to the Fabric OS Message Reference for details on event classes and message formats. For more
information on setting up the system error log daemon, refer to the Fabric OS Troubleshooting and
Diagnostics Guide.
NOTE
If an AUDIT message is logged from the CLI, any environment variables will be initialized with proper
values for login, interface, IP and other session information. Refer to the Fabric OS Message
Reference for more information.
Verifying host syslog prior to configuring the audit log
Audit logging assumes that your syslog is operational and running. Before configuring an audit log,
you must perform the following steps to ensure that the host syslog is operational.
1. Set up an external host machine with a system message log daemon running to receive the
2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to
3. Ensure the network is configured with a network connection between the switch and the
4. Check the host syslog configuration. If all error levels are not configured, you may not see some
Configuring an audit log for specific event classes
Use the following procedure to configure an audit log for specific event classes:
1. Connect to the switch from which you want to generate an audit log and log in using an account
2. Enter the auditCfg --class command, which defines the specific event classes to be filtered.
3. Enter the auditCfg --enable command, which enables audit event logging based on the classes
108
audit events that will be generated.
add the IP address of the host machine so that it can receive the audit events.
You can use IPv4, IPv6, or DNS names for the syslogdIpAdd command.
remote host.
of the audit messages.
with admin permissions.
switch:admin> auditcfg --class 2,4
Audit filter is configured.
configured in
step
2.
switch:admin> auditcfg --enable
Audit filter is enabled.
To disable an audit event configuration, enter the auditCfg --disable command.
Fabric OS Administrator's Guide
53-1002745-02
- Quick Links:
- Performing Basic Configuration Tasks
Hide quick links:
Advertisement
Table of Contents
