Audit log configuration – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02
Audit log configuration
Audit log messages contain user information such as login name and login IP address. The audit
log’s purpose is to enable tracking of important user-originated events in the cluster; this is in
contrast to RASlog messages, which are primarily used for abnormal or error-related events.

When an audit log message is generated on a switch, it is forwarded to the syslog server. To limit
the audit log messages sent to the syslog server and to facilitate monitoring of those messages,
three audit log classes are defined: FIRMWARE, SECURITY, and CONFIGURATION.

You must enable an audit log class to generate the audit log messages for that class. The classes
are enabled by default. To enable or disable the auditing of these classes, perform the following
steps.

1. Issue the <edit-config> RPC to configure the <logging> node in the
urn:brocade.com:mgmt:brocade-ras namespace.
2. Under the <logging> node, include the <auditlog> node element.
3. Under the <auditlog> node, include a <class> node element for each class you want to enable
or disable.
4. Under each <class> node, include a <class> leaf element and specify the class of message
you want to enable or disable.
5. To disable a class, include the delete operation in the <class> node element tag.
The following example enables SECURITY and WARNING messages, but disables CONFIGURATION
messages.

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="329" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <logging xmlns="urn:brocade.com:mgmt:brocade-ras">
        <auditlog>
          <class xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" operation="delete">
            <class>CONFIGURATION</class>
          </class>
          <class>
            <class>WARNING</class>
          </class>
          <class>
            <class>SECURITY</class>
          </class>
        </auditlog>
      </logging>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="329" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
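
A change-review check for the RPC format described in the steps above, added here as an example and not taken from the Brocade guide: it parses an <edit-config> request and reports which audit log classes the request enables, which it disables, and which names fall outside the three classes the guide defines. The function names, the sample RPC (constructed, modeled on the guide's example) and the acceptance of the namespace-qualified operation attribute from RFC 6241 are assumptions.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"
AUDIT_CLASSES = {"FIRMWARE", "SECURITY", "CONFIGURATION"}  # classes named in the guide

# Constructed sample request, modeled on the guide's example (not captured traffic).
SAMPLE_RPC = """<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config><target><running/></target><config>
<logging xmlns="urn:brocade.com:mgmt:brocade-ras"><auditlog>
<class xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" operation="delete">
<class>CONFIGURATION</class></class>
<class><class>WARNING</class></class>
<class><class>SECURITY</class></class>
</auditlog></logging></config></edit-config></rpc>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def review_auditlog_edit(rpc_xml):
    """Return (enabled, disabled, unknown) audit log class names in an edit-config RPC."""
    enabled, disabled, unknown = [], [], []
    for auditlog in ET.fromstring(rpc_xml).iter():
        if local(auditlog.tag) != "auditlog":
            continue
        for entry in auditlog:
            if local(entry.tag) != "class":
                continue
            # Accept the unprefixed attribute used in the guide's example and
            # the namespace-qualified form; absent means the default, merge.
            op = entry.get("operation") or entry.get(f"{{{NC}}}operation") or "merge"
            for leaf in entry:
                if local(leaf.tag) != "class":
                    continue
                name = (leaf.text or "").strip()
                if name not in AUDIT_CLASSES:
                    unknown.append(name)      # not one of the three defined classes
                elif op in ("delete", "remove"):
                    disabled.append(name)     # auditing for this class is turned off
                else:
                    enabled.append(name)
    return enabled, disabled, unknown

if __name__ == "__main__":
    enabled, disabled, unknown = review_auditlog_edit(SAMPLE_RPC)
    print("enabled:", enabled, "disabled:", disabled, "unknown:", unknown)
```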