Exporting audit logs – H3C Technologies H3C Intelligent Management Center User Manual
Page 128
119
{
Login Name—Username sent by the device to TAM, which is not the username that a device
user enters when logging in to the device. The login name of a device user contains redundant
information, and must be extracted. TAM matches the extracted login name against the account
name and authenticates the user. The rules for extracting the login name are configured in
system parameter configuration. For more information, see "
{
Account Name—Account name of the device user.
Accounts with the name followed by #delete0# are cancelled accounts.
{
Device User Group—Device user group to which the device user belongs.
{
Privilege Level—Privilege level of the device user.
{
CLI—Command executed by the device user.
This field displays a value only when the Audit Type is Enter Command At CLI.
{
Audit Time—Date and time when the audit was performed, in the format YYYY-MM-DD
hh:mm:ss.
{
Audit Type—Select an audit type from the list. Options are:
−
Start—The log was generated when a user successfully logged in to a device.
−
End—The log was generated when a user logged off a device.
−
Update—The log was generated when TAM received a watchdog packet periodically sent
by an online user to declare that the user is still online.
−
Enter Command At CLI—The log was generated when a user executed a command at CLI.
−
Clear Online Data—The log was generated when an operator manually cleared online user
information.
−
Age Online Data—The log was generated when TAM periodically cleared aged online
users according to the Aging Time specified in the system parameter configuration.
{
Device IP—IP address of the device to which the device user logs in.
{
User IP—IP address of the device user.
{
Terminal—Terminal used by a device user to log in to the device. For example, when a user logs
into the device using Telnet, this field displays VTY 0, VTY 2, and so on. When a user logs in to
the device through the console port, this field displays AUX 0, AUX 1, and so on.
{
Session ID—Session ID used for this audit. For one audit, the device and TAM use the same
session ID for packet exchanges.
{
Serial Number—Serial number of the packets exchanged between the device and TAM in the
same session ID.
4.
To return to the Audit Log list, click Back.
Exporting audit logs
The audit log export function allows operators to get a list of audit logs to be exported through the query
function, and then export all audit logs in the list to an export file.
To export audit logs:
1.
Click the User tab.
2.
On the navigation tree, select Device User > Log Management > Audit Logs.
The Audit Log list displays all audit logs.
3.
Filter the audit logs through basic query or advanced query.