Managing security logs, Saving security logs into the security log file – H3C Technologies H3C MSR 50 User Manual

Saving system information to a log file (MSR 20-1X)

Task Command

Remarks

Optional.
Disabled by default.

Enable the log file feature.

logfile { enable | disable }

To make the new configuration take
effect, reboot the router.

Display whether the log file feature
is enabled.

display logfile status

Optional.

The following matrix shows the feature and router compatibility:

MSR

900

MSR

930

MSR

2600

Feature

MSR 20-1X MSR 20 MSR 30 MSR 50

Log file feature No No Yes

No No No No

Managing security logs

Security logs are very important for locating and troubleshooting network problems. Generally, security
logs are output together with other logs. It is difficult to identify security logs among all logs.
To solve this problem, you can save security logs into a security log file without affecting the current log

output rules. After logging in to the device, the system administrator can enable the saving of security

logs into the security log file and configure related parameters. However, the system administrator cannot
perform any operations on the security log file. Only the security log administrator who has passed AAA

local authentication and logged in to the device can manage the security log file.
A security log administrator is a local user who is authorized by AAA to play the security log

administrator role.
For more information about local user and AAA local authentication, see Security Configuration Guide.

Saving security logs into the security log file

If this feature is enabled, the system first outputs security logs to the security log file buffer, and then saves
the logs in the security log file buffer into the security log file at a specified interval (the security log

administrator can also manually save security logs into the log file). After the logs are saved, the buffer

is cleared immediately.
The size of the security log file is limited. If the maximum size is reached, the system deletes the oldest log
and writes the new log into the security log file. To avoid losing security logs, you can set an alarm

threshold. When the alarm threshold is reached, the system outputs a message to inform the

administrator. The administrator can log in to the device as the security log administrator and back up

the security log file.
By default, security logs are not saved into the security log file. The parameters, such as the saving
interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters,

log in to the device as the system administrator, and then follow the steps in the following table to

configure the related parameters:

196