Dell POWEREDGE M1000E User Manual

Page 108

Advertising
background image

108

Fabric OS Administrator’s Guide

53-1002745-02

Audit log configuration

3

NOTE

Only the active CP can generate audit messages because event classes being audited occur only on
the active CP. Audit messages cannot originate from other blades in a Backbone.

Switch names are logged for switch components and Backbone names for Backbone components.
For example, a Backbone name may be FWDL or RAS and a switch component name may be zone,
name server, or SNMP.

Pushed messages contain the administrative domain of the entity that generated the event. Refer
to the Fabric OS Message Reference for details on event classes and message formats. For more
information on setting up the system error log daemon, refer to the Fabric OS Troubleshooting and
Diagnostics Guide.

NOTE

If an AUDIT message is logged from the CLI, any environment variables will be initialized with proper
values for login, interface, IP and other session information. Refer to the Fabric OS Message
Reference for more information.

Verifying host syslog prior to configuring the audit log

Audit logging assumes that your syslog is operational and running. Before configuring an audit log,
you must perform the following steps to ensure that the host syslog is operational.

1. Set up an external host machine with a system message log daemon running to receive the

audit events that will be generated.

2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to

add the IP address of the host machine so that it can receive the audit events.

You can use IPv4, IPv6, or DNS names for the syslogdIpAdd command.

3. Ensure the network is configured with a network connection between the switch and the

remote host.

4. Check the host syslog configuration. If all error levels are not configured, you may not see some

of the audit messages.

Configuring an audit log for specific event classes

Use the following procedure to configure an audit log for specific event classes:

1. Connect to the switch from which you want to generate an audit log and log in using an account

with admin permissions.

2. Enter the auditCfg --class command, which defines the specific event classes to be filtered.

switch:admin> auditcfg --class 2,4
Audit filter is configured.

3. Enter the auditCfg --enable command, which enables audit event logging based on the classes

configured in

step 2

.

switch:admin> auditcfg --enable
Audit filter is enabled.

To disable an audit event configuration, enter the auditCfg --disable command.

Advertising
Popular Brands
Popular manuals