Security Settings - Cisco TelePresence MX200 Administrator's Manual

Cisco TelePresence MX200 and MX300
Contents

Security settings

Security Audit Logging Mode
Determine where to record or transmit the audit logs. The audit logs are sent to a syslog server.
When using the External/ExternalSecure modes and setting the port assignment to manual in
the Security Audit Server PortAssignment setting, you must also enter the address and port
number for the audit server in the Security Audit Server Address and Security Audit Server Port
settings.
Requires user role: AUDIT
Value space: <Off/Internal/External/ExternalSecure>
Off: No audit logging is performed.
Internal: The system records the audit logs to internal logs, and rotates logs when they are
full.
External: The system sends the audit logs to an external syslog server. The syslog server
must support UDP.
ExternalSecure: The system sends encrypted audit logs to an external syslog server that is
verified by a certificate in the Audit CA list. The Audit CA list file must be uploaded to the
codec using the web interface. The common_name parameter of a certificate in the CA list
must match the IP address of the syslog server, and the secure TCP server must be set up
to listen for secure (TLS) TCP Syslog messages.
Security Audit Logging Mode: Off
Example:
Security Audit OnError Action
Determine what happens when the connection to the syslog server is lost. This setting is only
relevant when Security Audit Logging Mode is set to ExternalSecure.
Requires user role: AUDIT
Value space: <Halt/Ignore>
Halt: If a halt condition is detected the system codec is rebooted and only the auditor is
allowed to operate the unit until the halt condition has passed. When the halt condition has
passed the audit logs are re-spooled to the syslog server. Halt conditions are: A network
breach (no physical link), no syslog server running (or incorrect address or port to the syslog
server), TLS authentication failed (if in use), local backup (re-spooling) log full.
Ignore: The system will continue its normal operation, and rotate internal logs when full.
When the connection is restored it will again send its audit logs to the syslog server.
Security Audit OnError Action: Ignore
Example:
D14850.12 MX200 and MX300 Administrator Guide TC7.3, JULY 2015.
Introduction Web interface System settings System settings
Security Audit Server Address
The audit logs are sent to a syslog server. Enter the IP address of the syslog server. Only valid
IPv4 or IPv6 address formats are accepted. Host names are not supported. This setting is only
relevant when Security Audit Logging Mode is set to External or ExternalSecure.
Requires user role: AUDIT
Value space: <S: 0, 64>
Format: A valid IPv4 address or IPv6 address
Security Audit Server Address: ""
Example:
Security Audit Server Port
The audit logs are sent to a syslog server. Enter the port of the syslog server that the system
shall send its audit logs to. This setting is only relevant when Security Audit PortAssignment is
set to Manual.
Requires user role: AUDIT
Value space: <0..65535>
Range: Select a value between 0 to 65535.
Security Audit Server Port: 514
Example:
Security Audit Server PortAssignment
The audit logs are sent to a syslog server. You can define how the port number of the external
syslog server will be assigned. This setting is only relevant when Security Audit Logging
Mode is set to External or ExternalSecure. To see which port number is used you can check
the Security Audit Server Port status. Navigate to Configuration > System status on the web
interface or; if on a command line interface, run the command xStatus Security Audit Server
Port.
Requires user role: AUDIT
Value space: <Auto/Manual>
Auto: Will use UDP port number 514 when the Security Audit Logging Mode is set to
External. Will use TCP port number 6514 when the Security Audit Logging Mode is set to
ExternalSecure.
Manual: Will use the port value defined in the Security Audit Server Port setting.
Security Audit Server PortAssignment: Auto
Example:
www.cisco.com — Copyright © 2011–2015 Cisco Systems, Inc. All rights reserved.
89
Administrator Guide
Setting passwords Appendices