Manualshelf

Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

ManualsBrandsHP ManualsSoftwareHP StorageWorks ISL quick loop
919293949596979899100
Fabric OS Administrator’s Guide 59
53-1002148-02
Audit log configuration
3
NOTE
Only the active CP can generate audit messages because event classes being audited occur only on
the active CP. Audit messages cannot originate from other blades in an enterprise-class platform.
Switch names are logged for switch components and enterprise-class platform names for
enterprise-class platform components. For example, an enterprise-class platform name may be
FWDL or RAS and a switch component name may be zone, name server, or SNMP.
Pushed messages contain the administrative domain of the entity that generated the event. Refer
to the Fabric OS Message Reference for details on event classes and message formats. For more
information on setting up the system error log daemon, refer to the Fabric OS Troubleshooting and
Diagnostics Guide.
NOTE
If an AUDIT message is logged from the CLI, any environment variables will be initialized with proper
values for login, interface, ip and other session information. See the Fabric OS Message Reference
for more information.
Verifying host syslog prior to configuring the audit log
Audit logging assumes that your syslog is operational and running. Before configuring an audit log,
you must perform the following steps to ensure that the host syslog is operational.
1. Set up an external host machine with a system message log daemon running to receive the
audit events that will be generated.
2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to
add the IP address of the host machine so that it can receive the audit events.
You can use IPv4, IPv6, or DNS names for the syslogdIpAdd command.
3. Ensure the network is configured with a network connection between the switch and the
remote host.
4. Check the host SYSLOG configuration. If all error levels are not configured, you may not see
some of the audit messages.
Configuring an audit log for specific event classes
1. Connect to the switch from which you want to generate an audit log and log in using an account
with admin permissions.
2. Enter the auditCfg
--class command, which defines the specific event classes to be filtered.
switch:admin> auditcfg --class 2,4
Audit filter is configured.
3. Enter the auditCfg --enable command, which enables audit event logging based on the
classes configured in step 2.
switch:admin> auditcfg --enable
Audit filter is enabled.
To disable an audit event configuration, enter the auditCfg --disable command.