Alcatel-Lucent VPN Firewall Brick
• Session Termination reason (if applicable)
• Dynamic rule creation/usage (if enabled)
• Detailed command logging (if enabled)
• Application filter disposition (if enabled)
Administrative Event Logs
Administrative Events are generated by the Brick device for a variety of reasons,
ranging from security audit attack information to simple "re-configuration successful"
messages. Message content for Administrative Events depends strongly on the type of
event; however, all Brick-based events contain a date/time stamp and a physical Brick
device name designator.
Proactive Monitoring Statistic Logs
Proactive Monitoring (promon) statistic logs are sent periodically by each Brick device
to its active management server. These logs contain MIB-II-like statistics, such as
packets and bytes in and out of each interface, overall Brick statistics, such as CPU
busy percentage, and firewall and VPN policy statistics. By default, the Brick device
reports promon statistics log data every 30 seconds; this interval can be configured.
User Authentication Logs
The User Authentication Log contains messages that record successful or unsuccessful
user authentication requests to the SMS or other external servers, such as RADIUS or
SecurID servers.
VPN Logs
The VPN Log contains records that pertain to all VPN tunnel transactions including all
errors, events, messages, status, and keying information. The information allows easier
debugging of VPN tunnel problems.
Resiliency of Log Transmission
Log messages are sent via encrypted TCP for reliable, secure delivery. If no SMS hosts
are reachable via TCP, the Brick will queue messages up to the limit of available RAM
and then discard any additional ones. Note that the Brick will throttle the
transmission of duplicate log records to avoid floods based on audit records.
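Because queued messages are discarded once RAM is exhausted, missing promon records at the collector are one visible sign of lost log data. The following check is an added example, not part of the manual or of the SMS software: it flags per-Brick gaps against the 30-second default interval, and it assumes the records have already been reduced to (Brick name, date/time stamp) pairs, since the log file layout is not described here.

```python
from datetime import datetime, timedelta

PROMON_INTERVAL = timedelta(seconds=30)  # default promon interval stated in the manual


def find_promon_gaps(records, interval=PROMON_INTERVAL, tolerance=1.5):
    """Return (brick, last_seen, next_seen, missed) for each hole in the promon series.

    records: iterable of (brick_name, datetime) pairs, in any order.
    A hole is reported when two consecutive records from one Brick are more
    than interval * tolerance apart; missed estimates the records lost.
    """
    by_brick = {}
    for brick, stamp in records:
        by_brick.setdefault(brick, []).append(stamp)
    gaps = []
    for brick in sorted(by_brick):
        stamps = sorted(by_brick[brick])
        for prev, cur in zip(stamps, stamps[1:]):
            delta = cur - prev
            if delta > interval * tolerance:
                gaps.append((brick, prev, cur, round(delta / interval) - 1))
    return gaps


def silent_bricks(records, now, interval=PROMON_INTERVAL, tolerance=1.5):
    """Return the sorted names of Bricks whose newest promon record is overdue at 'now'."""
    latest = {}
    for brick, stamp in records:
        if brick not in latest or stamp > latest[brick]:
            latest[brick] = stamp
    return sorted(b for b, s in latest.items() if now - s > interval * tolerance)


def constructed_sample():
    """Constructed data: brick-a reports steadily, brick-b loses five records."""
    t0 = datetime(2009, 6, 1, 12, 0, 0)
    steady = [("brick-a", t0 + i * PROMON_INTERVAL) for i in range(10)]
    holed = [("brick-b", t0 + i * PROMON_INTERVAL) for i in (0, 1, 2, 8, 9)]
    return steady + holed


if __name__ == "__main__":
    sample = constructed_sample()
    for brick, prev, cur, missed in find_promon_gaps(sample):
        print(f"{brick}: no promon records between {prev} and {cur} (~{missed} missed)")
    print("overdue:", silent_bricks(sample, datetime(2009, 6, 1, 12, 10, 0)))
```

A gap only shows that records did not arrive; a Brick that was powered off produces the same pattern, so correlate with Administrative Event Logs before concluding that messages were discarded.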
Also, if desired, the Brick device will cease to forward any packets until such time as
an SMS may be reached (this is generally only enabled in the most security-sensitive
applications). The Brick device will choose one of two SMS servers or Compute
260-100-022R9.4
Issue 1, June 2009