Managing authorization logs, Viewing the authorization log list – H3C Technologies H3C Intelligent Management Center User Manual

Page 119

Advertising
background image

110

{

Space

{

Tab

{

Comma (,)

{

Colon (:)

{

Pound sign (#)

{

Dollar sign ($)

This parameter appears only when you select TXT for File Format.

7.

Click OK.
This process might take a few minutes or longer, depending on the amount of authentication logs

to be exported.
After export, the operation result pages show the total number of exported logs and the number of
failures. If failure exists, click Download to download or view the reasons for failure in the

operation log.

8.

To return to the Authentication Log list, click Back.

9.

To view the operation result of the last export operation, click Last Export Result.

Managing authorization logs

Authorization logs have the following types:

Login authorization logs—After a device is enabled with the login authorization function, TAM
authorizes login privilege levels for login users and records login authorization logs.

CLI authorization logs—After a device is enabled with the CLI authorization function, each time a
user executes a command, TAM checks whether the user has the right to execute the command and

records a CLI authorization log.

Authorization log result options are: Permit or Deny. An authorization Deny log also provides the reason

for the deny action.
Authorization logs can be exported to a file for future audit.

Viewing the authorization log list

To view the authorization log list:

1.

Click the User tab.

2.

On the navigation tree, select Device User > Log Management > AuthZ Logs.
The Authorization Log list displays all authorization logs. It includes the following columns:

{

Result—Authorization results: Permit or Deny.

{

Failure Reason—Reason for the deny action. If the authorization result is Permit, this field is
empty.

{

Login Name—Username sent by the device to TAM, which is not the username that a device
user enters when logging in to the device. The login name of a device user contains redundant

information, and must be extracted. TAM matches the extracted login name against the account
name and authenticates the user. The rules for extracting the login name are configured in

system parameter configuration. For more information, see "

Configuring system parameters

."

{

Account Name—Account name of the device user.

Advertising
Popular Brands
Popular manuals