Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

1371

Switch management statistics

OS10 monitors user and system activities and provides output-related user login statistics.

Enable login statistics

To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of

login failures or an unusual login location may indicate a system hacker. Enable the display of login information after a user

successfully logs in; for example:

OS10 login: admin

Password:

Last login: Thu Nov 2 16:02:44 UTC 2017 on ttyS1

Linux OS10 3.16.43 #2 SMP Debian 3.16.43-2+deb8u5 x86_64

...

Time-frame for statistics : 25 days

Role changed since last login : false

Failures since last login : 0

Failures in time period : 1

Successes in time period : 14

OS10#

This feature is available only for the sysadmin and secadmin roles.

● Enable the display of login information in CONFIGURATION mode.

To display information about user logins, use the show login-statistics command.

Enable login statistics

OS10(config)# login-statistics enable

To disable login statistics, use the no login-statistics enable command.

Audit log

To monitor user activity and configuration changes on the switch, enable the audit log. Only the sysadmin and secadmin

roles can enable, view, and clear the audit log.

The audit log records configuration and security events, including:

● User logins and logouts on the switch, failed logins, and concurrent login attempts by a user

● User-based configuration changes recorded with the user ID, date, and time of the change. The specific parameter changes

are not logged.

● Establishment of secure traffic flows, such as SSH, and violations on secure flows

● Certificate issues, including user access and changes made to certificate installation using crypto commands

● Adding and deleting users

Audit log entries are saved locally and sent to configured Syslog servers. To set up a Syslog server, see System logging.

Enable audit log

● Enable configuration and security event recording in the audit log on Syslog servers in CONFIGURATION mode.

logging audit enable

To disable audit logging, use the no logging audit enable command.

View audit log

● Display audit log entries in EXEC mode. By default, 24 entries are displayed, starting with the oldest event. Enter reverse

to display entries starting with the most recent events. You can change the number of entries that display.

show logging audit [reverse] [number]

Security

1377