Using the event log to find intrusion alerts, Using the event log to find intrusion alerts -36 – HP 2600 Series User Manual

9-36

Configuring and Monitoring Port Security
Reading Intrusion Alerts and Resetting Alert Flags

Using the Event Log To Find Intrusion Alerts

The Event Log lists port security intrusions as:

W MM/DD/YY HH:MM:SS FFI: port A3 - Security Violation

where “

W

” is the severity level of the log entry and

FFI

is the system module

that generated the entry. For further information, display the Intrusion Log,
as shown below.

From the CLI.

Type the

log command from the Manager or Configuration

level.

Syntax:

log [search-text ]

For

search-text , you can use ffi, security, or violation. For example:

Figure 9-19. Example of Log Listing With and Without Detected Security Violations

From the Menu Interface:

In the Main Menu, click on

4. Event Log

and use

Next page and Prev page to review the Event Log contents.

For More Event Log Information.

See “Using the Event Log To Identify

Problem Sources” in the “Troubleshooting” chapter of the Management and
Configuration Guide

for your switch.

Web: Checking for Intrusions, Listing Intrusion Alerts,
and Resetting Alert Flags

1.

Check the Alert Log by clicking on the

Status tab and the

[Overview]

button.

If there is a “Security Violation” entry, do the following:

Log Listing with
Security Violation
Detected

Log Listing with No
Security Violation
Detected

Log Command with “security”
for Search String