Managing security logs, Managing authentication violation logs, Managing authentication – H3C Technologies H3C Intelligent Management Center User Manual

Page 498: Violation logs


Managing security logs

Security logs record the security events that occur when a user is authenticated or accesses the Internet. Operators can analyze security logs to identify security risks in the network and to enhance network security. Security logs appear in the navigation tree only when the EAD component is installed. For more information about security logs, see HP IMC EAD Security Policy Administrator Guide.

Managing authentication violation logs

In access policies, you can set the monitor mode or offline mode for the following detection items:

• Setting up proxy servers
• Setting IE proxy
• Using multiple NICs
• Using multiple operating systems
• Configuring multiple IP addresses on a single NIC
• Modifying MAC addresses
• Configuring duplicate MAC addresses
• Using the VMware NAT service
• Using the VMware USB service
• Running the iNode client on a virtual machine
• Obtaining IP addresses through unauthorized DHCP servers

If you set the monitor mode for detection items, the iNode client reports the violations to UAM, which generates authentication violation logs.

If you set the offline mode for detection items, the iNode client immediately closes the network connection once a violation is detected.

UAM clears outdated authentication violation logs every day for higher database performance. The retention time of the authentication violation logs is determined by the service parameter Log Lifetime. For more information about the service parameter, see "32 Configuring global system settings."

For more information about access policies, see "Configuring access policies."

Accessing the authentication violation log list page

1. Click the User tab.

2. Select User Access Log > Authentication Violation Log from the navigation tree.
   The authentication violation log list displays all authentication violation logs.

   Authentication violation log list contents

   ◦ Account Name—Access account name that is used when the authentication violation occurs.
   ◦ Login Name—Login username of the account that is used when the authentication violation occurs.
   ◦ User IP Address—IPv4 address of the violating user.
   ◦ User MAC Address—MAC address of the violating user.
   ◦ User IPv6 Address—IPv6 address of the violating user.
   ◦ Violation Time—Time when the iNode client detects the violation.
