Using The Event Log To Find Intrusion Alerts - HP ProCurve 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (469 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
Configuring and Monitoring Port Security
Reading Intrusion Alerts and Resetting Alert Flags
To clear the intrusion from port A1 and enable the switch to enter any
subsequent intrusion for port A1 in the Intrusion Log, execute the port-security
clear-intrusion-flag command. If you then re-display the port status screen, you
will see that the Intrusion Alert entry for port A1 has changed to "No".
(Executing show port-security intrusion-log again will result in the same display
as above, and does not include the Intrusion Alert status.)
ProCurve(config)# port-security a1 clear-intrusion-flag
ProCurve(config)# show interfaces brief
Figure 13-16.Example of Port Status Screen After Alert Flags Reset
For more on clearing intrusions, see "Note on Send-Disable Operation" on
page 13-34
Using the Event Log To Find Intrusion Alerts
The Event Log lists port security intrusions as:
where "
that generated the entry. For further information, display the Intrusion Log,
as shown below.
From the CLI. Type the log command from the Manager or Configuration
level.
Syntax:
For < search-text >, you can use ffi, security, or violation. For example:
13-38
W MM/DD/YY HH:MM:SS FFI: port A3 — Security Violation
" is the severity level of the log entry and
W
log < search-text >
Intrusion Alert on port A1 is now
FFI
is the system module
Hide quick links:
Advertisement
Table of Contents
