User Manual
Audit Trail
60 Enterasys X-Pedition User Reference Manual
The X-Pedition stores the last <n> messages in a local circular buffer. The circular buffer is a
location in system memory allocated by the heap to store system messages before sending them to
the Syslog server or Flash—messages remain in memory until the buffer reaches the maximum
buffer size and begins to replace old messages with new ones. To view the current contents of the
buffer, use the system show syslog buffer command. By default, this buffer keeps the last 50
Syslog messages; however, you can change the buffer size to hold 10–200 messages.
The following example depicts a sample audit trail—you will note that screen output is not limited
to audit messages.
Set Up an Audit Trail on the Console
To configure an Audit Trail for all facilities and log to the console, do the following:
• Set the global message level to display to the console to Audit. This will display Audit,
Warning, Error, and Fatal messages:
Note: To override the global console message severity, reset the severity using the same
command.
2002-10-23 14:10:04 %SYS-A-CLI_MODE_CHANGE, Telnet user (root:134.141.135.129), CLI mode changed to
(configuration).
2002-10-23 14:09:59 %CLI-A-COMMAND_EXEC, Telnet user (root:134.141.135.129), CLI command (enable )
executed
2002-10-23 14:09:59 %SYS-A-CLI_MODE_CHANGE, Telnet user (root:134.141.135.129), CLI mode changed to
(enabled).
2002-10-23 14:09:52 %TELNETD-A-LOGIN, Telnet user (user:134.141.135.129), Telnet user login
2002-10-23 14:09:52 %SYS-A-CLI_MODE_CHANGE, Telnet user (user:134.141.135.129), CLI mode changed to
(guest).
2002-10-23 14:09:52 %SYS-W-NOPASSWD, no password for login, use 'system set password' in Config mode
2002-10-23 14:09:11 %CLI-A-COMMAND_EXEC, Console user (root), CLI command (system show syslog buffer
number 20 ) executed
2002-10-23 14:08:56 %SYS-A-CLI_MODE_CHANGE, Console user (root), CLI mode changed to (enabled).
2002-10-23 14:08:33 %SNMP-I-AGENT_READY, SNMP agent is now ready to send and receive packets
2002-10-23 14:08:32 %SYS-A-CLI_MODE_CHANGE, Console user (root), CLI mode changed to (configuration).
2002-10-23 14:08:27 %CLI-A-COMMAND_EXEC, Console user (root), CLI command (enable ) executed
2002-10-23 14:08:27 %SYS-A-CLI_MODE_CHANGE, Console user (root), CLI mode changed to (enabled).
2002-10-23 14:08:20 %CONS-A-LOGIN, Console user (user), Console user login
2002-10-23 14:08:20 %SYS-A-CLI_MODE_CHANGE, Console user (user), CLI mode changed to (guest).
2002-10-23 14:08:20 %SYS-W-NOPASSWD, no password for login, use 'system set password' in Config mode
2002-10-23 14:08:14 %ACL_LOG-A-DENY, ACL [ixia] on "all-IP" UDP 10.10.1.2:63 -> 11.11.1.2:63
2002-10-23 14:08:14 %ACL_LOG-A-DENY, ACL [ixia] on "all-IP" UDP 10.10.1.2:63 -> 11.11.1.2:63
2002-10-23 14:08:14 %ACL_LOG-A-DENY, ACL [ixia] on "all-IP" UDP 10.10.1.2:63 -> 11.11.1.2:63
2002-10-23 14:08:14 %ACL_LOG-A-DENY, ACL [ixia] on "all-IP" UDP 10.10.1.2:63 -> 11.11.1.2:63
2002-10-23 14:08:14 %ACL_LOG-A-DENY, ACL [ixia] on "all-IP" UDP 10.10.1.2:63 -> 11.11.1.2:63
xp(config)# system set console level audit