Manualshelf

Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620
919293949596979899100
2. On the switch where the audit configuration is enabled, enter the syslogAdmin command to add the IP address of the host
machine so that it can receive the audit events.
You can use IPv4, IPv6, or DNS names for the syslogAdmin command.
3. Ensure the network is configured with a network connection between the switch and the remote host.
4. Check the host syslog configuration. If all error levels are not configured, you may not see some of the audit messages.
Configuring an audit log for specific event classes
1. Connect to the switch from which you want to generate an audit log and log in using an account with admin permissions.
2. Enter the auditCfg --class command, which defines the specific event classes to be filtered.
NOTE
By default, audit log is enabled for all event classes.
switch:admin> auditcfg --class 2,4
Audit filter is configured.
3. Enter the auditCfg --enable command, which enables audit event logging based on the classes configured in step 2.
switch:admin> auditcfg --enable
Audit filter is enabled.
To disable an audit event configuration, enter the auditCfg --disable command.
4. Enter the auditCfg --show command to view the filter configuration and confirm that the correct event classes are being
audited, and the correct filter state appears (enabled or disabled).
switch:admin> auditcfg --show
Audit filter is enabled.
2-SECURITY
4-FIRMWARE
5. Enter the auditDump -s command to confirm that the audit messages are being generated.
Example of the syslog (system message log) output for audit logging
Oct 10 08:52:06 10.3.220.7 raslogd: AUDIT, 2008/10/10-08:20:19 (GMT), [SEC-3020], INFO, SECURITY, admin/
admin/10.3.220.13/telnet/CLI, ad_0/ras007/FID 128, , Event: login, Status: success, Info: Successful login
attempt via REMOTE, IP Addr: 10.3.220.13.
Oct 10 08:52:23 10.3.220.7 raslogd: 2008/10/10-08:20:36, [CONF-1001], 13, WWN 10:00:00:05:1e:34:02:0c | FID
128, INFO, ras007, configUpload completed successfully. All config parameters are uploaded.
Oct 10 09:00:04 10.3.220.7 raslogd: AUDIT, 2008/10/10-08:28:16 (GMT), [SEC-3021], INFO, SECURITY, admin/
NONE/10.3.220.13/None/CLI, None/ras007/FID 128, , Event: login, Status: failed, Info: Failed login attempt
via REMOTE, IP Addr: 10.3.220.13.
Configuring remote syslog servers
Fabric OS supports configuring a switch to forward all error log entries to a remote syslog server, to set the syslog facility to a specified
log file, to remove a syslog server, and to display the list of configured syslog servers. Brocade switches use the syslog daemon, a
process available on most UNIX systems that reads and forwards system messages to the appropriate log files or users, depending on
the system configuration. Up to six servers are supported.
By default, the switch uses UDP protocol to send the error log messages to the syslog server. The default UDP port is 514. Use the -
secure option to configure the switch to send the error log messages securely using the Transport Layer Security (TLS) protocol. TLS is
Performing Advanced Configuration Tasks
Brocade Fabric OS Administration Guide, 8.0.1
53-1004111-02 99