- Dell EMC SmartFabric OS10 Security Best Practices Guide May 2021
- OS10 security best practices
Configuration:
OS10(config)# clock timezone standard-timezone UTC
OS10(config)# exit
OS10# write memory
Logging rules
Logging can be used for error and information notification, security auditing, and network forensics.
Enable logging on the console
Rationale: Enable logging to the console and restrict the severity to critical so that log messages do not affect system
performance.
Configuration:
OS10(config)# logging console enable
OS10(config)# logging console severity log-crit
OS10(config)# exit
OS10# write memory
Enable logging to a syslog server over TLS
Rationale: Enable logging to a syslog server, and secure the connection using TLS.
Configuration:
OS10(config)# logging server {hostname | ipv4–address | ipv6–address} tls [port-number] [severity severity-level] [vrf {management | vrf-name}]
OS10(config)# exit
OS10# write memory
● ipv4–address | ipv6–address—(Optional) Enter the IPv4 or IPv6 address of the logging server.
● tls port-number—(Optional) Send syslog messages using TCP, UDP, or TLS transport to a specified port on a remote
logging server, from 1 to 65535.
● severity-level—(Optional) Set the logging threshold severity:
○ log-emerg—System is unusable.
○ log-alert—Immediate action is needed.
○ log-crit—Critical conditions
○ log-err—Error conditions
○ log-warning—Warning conditions
○ log-notice—Normal, but significant conditions (default)
○ log-info—Informational messages
○ log-debug—Debug messages
● vrf {management | vrf-name}—(Optional) Configure the logging server for the management or a specified VRF
instance.
For more information about configuring X.509v3 PKI certificates, see the Dell EMC SmartFabric OS10 User Guide.
Enable audit logging
Rationale: To monitor user activity and configuration changes on the switch, enable the audit log. Only the sysadmin and
secadmin roles can enable, view, and clear the audit log.
Configuration:
● Configure audit logging.
OS10(config)# logging audit enable
OS10(config)# exit
OS10# write memory
● View audit log.
show logging audit [reverse] [number]
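An added example, not taken from the Dell guide: a short Python check that scans a saved configuration for the settings recommended in this section (UTC timezone, console logging at log-crit, a syslog server over TLS, audit logging). It assumes the configuration text lists each command in the form entered above; the sample addresses and ports and the names `audit`, `REQUIRED` and `SERVER_RE` are constructed for illustration.

```python
import re

# Constructed sample. Assumption: the saved configuration lists each command
# in the form entered on this page. Addresses and ports are made-up values.
SAMPLE_CONFIG = """\
clock timezone standard-timezone UTC
logging console enable
logging console severity log-crit
logging server 192.0.2.10 tls 6514 severity log-notice vrf management
logging server 192.0.2.20 udp 514
"""

SEVERITIES = {"log-emerg", "log-alert", "log-crit", "log-err",
              "log-warning", "log-notice", "log-info", "log-debug"}

SERVER_RE = re.compile(r"^logging server (\S+)(?: (tcp|udp|tls))?(?: (\d+))?"
                       r"(?: severity (\S+))?(?: vrf (\S+))?$")

# Commands from this page that must be present, with the finding if absent.
REQUIRED = {
    "clock timezone standard-timezone UTC": "timezone is not set to UTC",
    "logging console enable": "console logging is not enabled",
    "logging console severity log-crit": "console severity is not log-crit",
    "logging audit enable": "audit logging is not enabled",
}

def audit(config_text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = [msg for cmd, msg in REQUIRED.items() if cmd not in lines]
    servers = [ln for ln in lines if ln.startswith("logging server ")]
    if not servers:
        findings.append("no syslog server is configured")
    for ln in servers:
        m = SERVER_RE.match(ln)
        if m is None:
            findings.append(f"unrecognised syntax: {ln}")
            continue
        host, transport, port, severity, _vrf = m.groups()
        if transport != "tls":
            findings.append(f"syslog server {host} does not use TLS")
        if port and not 1 <= int(port) <= 65535:
            findings.append(f"syslog server {host} has invalid port {port}")
        if severity and severity not in SEVERITIES:
            findings.append(f"syslog server {host} has unknown severity {severity}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "all checks passed")
```

On the constructed sample the check reports the missing audit-log setting and the syslog server that is not using TLS.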