Setup Guide

The security log contains security events and information. RBAC restricts access to audit and security logs based on the CLI sessions’ user
roles. The types of information in this log consist of the following:
Establishment of secure trac ows, such as SSH.
Violations on secure ows or certicate issues.
Adding and deleting of users.
User access and conguration changes to the security and crypto parameters (not the key information but the crypto conguration)
Important Points to Remember
When you enabled RBAC and extended logging:
Only the system administrator user role can execute this command.
The system administrator and system security administrator user roles can view security events and system events.
The system administrator user roles can view audit, security, and system events.
Only the system administrator and security administrator user roles can view security logs.
The network administrator and network operator user roles can view system events.
NOTE: If extended logging is disabled, you can only view system events, regardless of RBAC user role.
Example of Enabling Audit and Security Logs
DellEMC(conf)#logging extended
Displaying Audit and Security Logs
To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must rst enable the logging
extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security administrator and
system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of
RBAC user role. To view security logs, use the show logging command.
Example of the show logging auditlog Command
For information about the logging extended command, see Enabling Audit and Security Logs
DellEMC#show logging auditlog
May 12 12:20:25: DellEMC#: %CLI-6-logging extended by admin from vty0 (10.14.1.98)
May 12 12:20:42: DellEMC#: %CLI-6-configure terminal by admin from vty0 (10.14.1.98)
May 12 12:20:42: DellEMC#: %CLI-6-service timestamps log datetime by admin from vty0
(10.14.1.98)
Example of the show logging Command for Security
For information about the logging extended command, see Enabling Audit and Security Logs
DellEMC#show logging
Jun 10 04:23:40: %STKUNIT0-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user admin on line
vty0 ( 10.14.1.91 )
Clearing Audit Logs
To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator
user role can issue this command.
Example of the clear logging auditlog Command
DellEMC# clear logging auditlog
Management
71