Audit log messages, Ffdc messages – Brocade Network OS Message Reference v4.1.1 User Manual
Page 19
Network OS Message Reference
3
53-1003227-01
Overview of RASLog messages
1
You can display the VCS RASLog messages using the show logging raslog attribute VCS command.
For information on displaying the VCS RASLog messages, refer to
Audit log messages
Event auditing is designed to support post-event audits and problem determination based on
high-frequency events of certain types, such as security violations, firmware downloads, and
configuration. Audit log messages are saved in the persistent storage. The storage has a limit of
1024 entries and will wrap around if the number of messages exceed the limit. The switch can be
configured to stream Audit messages to the specified syslog servers. The Audit log messages are
not forwarded to an SNMP management station.
The following is an example of an Audit log message.
AUDIT,2011/08/26-07:51:32 (GMT), [DCM-2001], INFO, DCMCFG,
root/none/127.0.0.1/rpc/cli,, VDX6720-24, Event: noscli start, Status: success,
Info: Successful login attempt through console from 127.0.0.1.
For any given event, Audit messages capture the following information:
•
User Name - The name of the user who triggered the action.
•
User Role - The access level of the user, such as root or admin.
•
Event Name - The name of the event that occurred.
•
Status - The status of the event that occurred: success or failure.
•
Event Info - Information about the event.
The three event classes described in
can be audited.
You can enable event auditing by configuring the syslog daemon to send the events to a configured
remote host using the logging syslog-server command. You can set up filters to screen out
particular classes of events using the logging auditlog class command (the classes include
SECURITY, CONFIGURATION, and FIRMWARE). All the Audit classes are enabled by default. The
defined set of Audit messages are sent to the configured remote host in the Audit message format,
so that they are easily distinguishable from other syslog events that may occur in the network. For
details on how to configure event auditing, refer to
FFDC messages
First Failure Data Capture (FFDC) is used to capture failure-specific data when a problem or failure
is first noted and before the switch reloads or the trace and log buffer get wrapped. All subsequent
iterations of the same error are ignored. This critical debug information is saved in nonvolatile
storage and can be retrieved by executing the copy support command. The data are used for
debugging purposes. FFDC is intended for use by Brocade technical support.
TABLE 2
Event classes of the Audit messages
Event class
Operand
Description
DCMCFG
CONFIGURATION
You can audit all the configuration changes in the Network OS.
FIRMWARE
FIRMWARE
You can audit the events occurring during the firmware download process.
SECURITY
SECURITY
You can audit any user-initiated security event for all management interfaces.
For events that have an impact on the entire network, an audit is generated
only for the switch from which the event was initiated.