Setup Guide
Enabling Audit and Security Logs
You enable audit and security logs to monitor conguration changes or determine if these changes aect the operation of the system in the
network. You log audit and security events to a system log server, using the logging extended command in CONFIGURATION mode. This
command is available with or without RBAC enabled. For information about RBAC, see Role-Based Access Control.
Audit Logs
The audit log contains conguration events and information. The types of information in this log consist of the following:
• User logins to the switch.
• System events for network issues or system issues.
• Users making conguration changes. The switch logs who made the conguration changes and the date and time of the
change. However, each specic change on the conguration is not logged. Only that the conguration was modied is logged with the
user ID, date, and time of the change.
• Uncontrolled shutdown.
Security Logs
The security log contains security events and information. RBAC restricts access to audit and security logs based on the CLI sessions’ user
roles. The types of information in this log consist of the following:
• Establishment of secure trac ows, such as SSH.
• Violations on secure ows or certicate issues.
• Adding and deleting of users.
• User access and conguration changes to the security and crypto parameters (not the key information but the crypto conguration)
Important Points to Remember
When you enabled RBAC and extended logging:
• Only the system administrator user role can execute this command.
• The system administrator and system security administrator user roles can view security events and system events.
• The system administrator user roles can view audit, security, and system events.
• Only the system administrator and security administrator user roles can view security logs.
• The network administrator and network operator user roles can view system events.
NOTE
: If extended logging is disabled, you can only view system events, regardless of RBAC user role.
Example of Enabling Audit and Security Logs
Dell(conf)#logging extended
Displaying Audit and Security Logs
To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must rst enable the logging
extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security administrator and
system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of
RBAC user role. To view security logs, use the show logging command.
64
Switch Management