Audit Log Messages - Brocade Communications Systems StoreFabric SN6500B Reference

1
Overview of system messages
RASLog messages
RASLog messages report significant system events (failure, error, or critical conditions) or
information and are also used to show the status of the high-level user-initiated actions. RASLog
messages are forwarded to the console, to the configured syslog servers, and to the SNMP
management station through the Simple Network Management Protocol (SNMP) traps or informs.
The following is an example of a RASLog system message.
2012/10/25-17:51:05, [C3-1001], 937, CHASSIS, ERROR, switch, Port 18 failed due to
SFP validation failure. Check if the SFP is valid for the configuration.
For information on displaying and clearing the RASLog messages, refer to
message logs and attributes"

Audit log messages

Event auditing is designed to support post-event audits and problem determination based on
high-frequency events of certain types such as security violations, zoning configuration changes,
firmware downloads, and certain types of fabric events. Audit messages flagged as AUDIT are not
saved in the switch error logs. The switch can be configured to stream Audit messages to the switch
console and to forward the messages to specified syslog servers. The Audit log messages are not
forwarded to an SNMP management station. There is no limit to the number of audit events.
The following is an example of an Audit message.
0 AUDIT, 2012/10/14-06:07:33 (UTC), [SULB-1003], INFO, FIRMWARE,
admin/admin/192.0.2.2/telnet/CLI ad_0/switch, , Firmwarecommit has started.
For any given event, Audit messages capture the following information:
•
•
•
•
The seven event classes described in
TABLE 1
Operand Event class
1
2
3
4
5
2
User Name - The name of the user who triggered the action.
User Role - The access level of the user, such as root or admin.
Event Name - The name of the event that occurred.
Event Information - Information about the event.
Event classes
Description
Zone You can audit zone event configuration changes, but not the actual
values that were changed. For example, you may receive a message
that states "Zone configuration has changed," but the message
does not display the actual values that were changed.
Security You can audit any user-initiated security event for all management
interfaces. For events that have an impact on the entire fabric, an
audit is only generated for the switch from which the event was
initiated.
Configuration You can audit configuration downloads of existing SNMP
configuration parameters. Configuration uploads are not audited.
Firmware You can audit configuration downloads of existing SNMP
configuration parameters. Configuration uploads are not audited.
Fabric You can audit Administration Domain-related changes.
on page 17.
Table 1 can be audited.
"Displaying system
Fabric OS Message Reference
53-1002749-01