User Manual

Enterasys X-Pedition User Reference Manual 59
Audit Trail
With the X-Pedition’s ability to support multiple user accounts on the same router, it is important to
be able to monitor what administrative changes are performed on the system and who performs
them. The X-Pedition collects this information and outputs it to a console, Syslog server, or Flash
memory in the form of audit log messages which allow you to track information such as the
username, source IP address, and session type. Whenever a user successfully executes a command,
the audit trail entry will specify whether the command was added, modified, or removed from the
configuration. If the command does not execute properly, the audit trail indicates a failure.
Audit Messages
Audit messages are used as an audit trail to aid in keeping the router secure by reporting events as
they occur and information about the user who caused each event. When reporting an audit
message, the X-Pedition lists the following information prior to the message text.
<user session type> user(<user name>: <from IP address>)
Note: Values for user session type are Console, Telnet, SSH, and SNMP.
Example:
Telnet user(fred:192.168.189.52)
On the Syslog server, you can decide what to do with these messages based on their levels and the
facility with which they are associated (i.e., discard the messages or write them to file). When
writing this information to file, the Syslog logging method allows you to identify the server to
which the X-Pedition should send the messages. Please note that audit messages are a subset of all
system messages and are available only for a limited subset of facilities.
Facility        Description
Console         Login
Telnet          Telnet Login
VLAN            VLAN Creation/Modification
ACL             ACL Creation/Modification/Application
SYS             Port Manipulation
                User Creation/Modification
                Password Manipulation
SNMP            SNMP Modifications
Syslog          Syslog Modification
SSH             Enable/Disable SSH
Configuration   Configuration File Changes
ACL_LOG         ACL denied access attempts
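
The following is an added example, not part of the manual: a Syslog-server-side parser for the audit prefix described under Audit Messages, which lists audit entries whose source address is outside a management network. The management subnet, the host name `rtr1`, the syslog header and the message text in the sample lines are assumptions constructed for illustration; only the prefix format comes from this page.

```python
import ipaddress
import re

# Prefix documented above: <user session type> user(<user name>: <from IP address>)
# The example on the page has no space after the colon, so whitespace is optional.
AUDIT_PREFIX = re.compile(
    r"\b(?P<session>Console|Telnet|SSH|SNMP) user\("
    r"(?P<user>[^:()\s]+):\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s*(?P<text>.*)"
)

def parse_audit_prefix(line):
    """Return session type, user, source IP and message text, or None."""
    m = AUDIT_PREFIX.search(line)
    if not m:
        return None  # not an audit message, or a prefix form not shown on the page
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:  # e.g. an octet above 255
        return None
    return {"session": m.group("session"), "user": m.group("user"),
            "ip": ip, "text": m.group("text")}

def unexpected_sources(lines, mgmt_net):
    """Audit entries whose source IP is outside the management network."""
    net = ipaddress.ip_network(mgmt_net)
    hits = []
    for line in lines:
        entry = parse_audit_prefix(line)
        if entry and entry["ip"] not in net:
            hits.append(entry)
    return hits

# Constructed sample lines: only the prefix follows the manual; the syslog
# header and the text after the prefix are made up for illustration.
SAMPLE = [
    "Jan 10 09:14:02 rtr1 Telnet user(fred:192.168.189.52) constructed message text A",
    "Jan 10 09:20:41 rtr1 SSH user(alice: 10.20.30.40) constructed message text B",
    "Jan 10 09:21:00 rtr1 link state change, no audit prefix here",
]

if __name__ == "__main__":
    # Assumed management subnet; replace with the site's own.
    for e in unexpected_sources(SAMPLE, "192.168.189.0/24"):
        print(e["session"], e["user"], e["ip"], e["text"])
```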