Security log audit trail, Security log audit trail 2-138 – Nortel Networks OPTera Metro 3500 User Manual
Page 176
2-138 Operation, administration, and maintenance (OAM) features
OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004
OPTera Metro allows any user with a UPC level 4 and above to add, delete, or
retrieve the Access Control List (ACL) for a node. Each OPTera Metro
network element supports an ACL which allows a customer to provision nodes
onto an allow or deny list. These lists determine whether or not another node
is allowed to access the relevant node. The ACL provisioner has the flexibility
to define separate outgoing and incoming access. Your customers modify their
own lists but are restricted to incoming access only. In other words, the
customer provisions the nodes that are able to access their node.
An Incoming network violation alarm is raised when a denied node attempts
to gain access.
Security log audit trail
The security log, by default, records all TL1 commands on the network
element that require level 2 access or higher with the following level 1
command exceptions:
•
ACT-USER, CANC-USER, ED-SECU-PID
•
ALW-MSG-ALL
•
INH-MSG-ALL
The caption of the security log includes the following:
•
date and time of the event
•
user identification
•
type of event
•
names of resources accessed
•
success or failure of event
The following events are recorded in the security log:
•
all user login and logouts
•
invalid user authentication attempts (as well as alarm/alerts generated due
to invalid authentication attempts)
•
authorized commands (according to user class)
•
changes made in a users security profiles and attributes
•
changes made in security profiles and attributes associated with a channel
or port
•
changes made in the network element’s security configuration
These logs are archived in a circular buffer resident on the SPx or NPx and
accessible through Site Manager’s Security menu. The circular buffer has a
capacity of 600 logs per node (estimated 1 week’s activity). Logging on to
Preside or Site Manager is not recorded. The Login is limited to operations on
Site Manager/Preside that invoke (directly or indirectly) TL1 commands and