Using the event log to find intrusion alerts, From the cli, From the menu interface – HP 2800 User Manual

Configuring and Monitoring Port Security

Reading Intrusion Alerts and Resetting Alert Flags

Using the Event Log To Find Intrusion Alerts

The Event Log lists port security intrusions as:

W MM/DD/YY HH:MM:SS FFI: port A3 - Security Violation

where “

W

” is the severity level of the log entry and

FFI

is the system module

that generated the entry. For further information, display the Intrusion Log,
as shown below.

From the CLI.

Type the

log command from the Manager or Configuration

level.

Syntax:

log [search-text ]

For

search-text , you can use ffi, security, or violation. For example:

Log Listing with
Security Violation
Detected

Log Listing with No
Security Violation
Detected

Log Command with “security”
for Search String

Figure 9-19. Example of Log Listing With and Without Detected Security Violations

From the Menu Interface:

In the Main Menu, click on

4. Event Log

and use

Next page and Prev page to review the Event Log contents.

For More Event Log Information.

See “Using the Event Log To Identify

Problem Sources” in the “Troubleshooting” chapter of the Management and
Configuration Guide

for your switch.

Web: Checking for Intrusions, Listing Intrusion Alerts,
and Resetting Alert Flags

1. Check the Alert Log by clicking on the

Status tab and the

[Overview]

button.

If there is a “Security Violation” entry, do the following:

9-35