R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
67
To solve this problem, you can save security logs into a security log file without affecting the current log
output rules.
The configuration of this feature and the management of the security log file are separate. The security
log file is managed by a privileged user. After logging in to the device, the administrator can enable the
saving of security logs into the security log file and configure related parameters However, only the
privileged user, known as the security log administrator, can perform operations on the security log file.
The privileged user must pass AAA local authentication and log in to the device. No other users
(including the system administrator) can perform operations on the security log file.
A security log administrator is a local user who is authorized by AAA to play the security log
administrator role. You can authorize a security log administrator by executing the
authorization-attribute user-role security-audit command in local user view.
The system administrator cannot view, copy, or rename the security log file. If they try, the system displays
an "%Execution error" message. The system administrator can view, copy and rename other types of
files.
For more information about local user and AAA local authentication, see Access Control Configuration
Guide.
Saving security logs into the security log file
With this feature enabled, when the system outputs the system information to a specified destination, it
copies the security logs at the same time and saves them into the security log file buffer. Then, the system
writes the contents of the security log file buffer into the security log file at a specified frequency (the
security log administrator can trigger the saving of security logs into the log file manually). After the
contents of the buffer are saved into the security log file successfully, the security log file buffer is cleared
immediately.
The size of the security log file is limited. When the size of the security log file reaches the predefined
maximum value, the system deletes the oldest information and then writes the new information into the
security log file. To avoid security log file loss, you can set the alarm threshold of the security log file
usage. When the alarm threshold is reached, the system outputs the log information to inform the
administrator. In this case, the administrator can log in to the device as the security log administrator, and
then back up the security log file, preventing the loss of important historical data.
By default, security logs are not saved into the security log file. The parameters, such as the saving
interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters,
log in to the device as the system administrator, and then follow the steps in the following table to
configure the related parameters:
To save security logs into the security log file:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the information center.
info-center enable
Optional.
Enabled by default.
3. Enable the saving of the
security logs into the security
log file.
info-center security-logfile enable Disabled by default.
4. Configure the interval for
saving security logs to the
security log file.
info-center security-logfile
frequency freq-sec
Optional.