11 managing logs, Managing authentication logs, Viewing the authentication log list – H3C Technologies H3C Intelligent Management Center User Manual
Page 114
105
11 Managing logs
TAM records the following types of logs when a device user logs in to manage a device:
•
Authentication log—Records device user login successes and failures. An authentication failure log
also provides the reason for the failure.
•
Authorization log—Includes login authorization logs and CLI authorization logs.
After a device is enabled with the login authorization function, TAM authorizes login privilege
levels for login users and records login authorization logs.
After a device is enabled with CLI authorization, each time a user executes a command, TAM
checks whether the user has the right to execute the command and records a CLI authorization log.
An authorization log result can be Permit or Deny. An authorization Deny log also provides the
reason for the deny action.
•
Audit log—Records device user login and logoff information and user online behaviors.
Managing authentication logs
Authentication logs record device user login successes and failures. An authentication failure log also
provides the reason for the failure. Authentication logs can be exported to a file for future audit.
Viewing the authentication log list
To view the authentication log list:
1.
Click the User tab.
2.
On the navigation tree, select Device User > Log Management > AuthN Logs.
The Authentication Log list displays all authentication logs. It includes the following columns:
{
Result—Authentication results: Succeeded or Failed.
{
Failure Reason—If the authentication result is Failed, this field displays the reason for the failure.
If the authentication result is Succeeded, this field is empty.
{
Login Name—Username sent by the device to TAM, which is not the username that a device
user entered when logging in to the device. Login name of a device user contains redundant
information, and must be extracted. TAM matches the extracted login name against the account
name and authenticates the user. The rules for extracting the login name are configured in
system parameter configuration. For more information, see "
{
Account Name—Account name of the device user. Accounts with the name followed by
#delete0# are cancelled accounts. Click the account name of a device user to view the user
details.
For more information about device user details, see "
."
{
Authentication Time—Date and time when the device user was authenticated, in the format
YYYY-MM-DD hh:mm:ss.
{
Device IP—IP address of the device to which the device user logs in.
{
Details—Click the Details icon for an authentication log to view its details.