HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 100-node License

111

112

113

114

115

116

117

118

119

120

113

The Authorization Log List displays all authorization logs matching the query criteria. To clear the

query criteria, click Reset. The Authorization Log List displays all authorization logs.

Viewing authorization log details

To view detailed information about an authorization log:

1. Click the User tab.

2. Select Device User View > Log Management > AuthZ Logs from the navigation tree.

The Authorization Log List displays all authorization logs.

3. Click the Details icon for the authorization log whose detailed information you want to view.

Authorization log details contents

 Login Name—Username sent by the device to TAM, which is not the username that a device

user entered when logging in to the device. Login name of a device user contains redundant

information, and needs to be extracted. TAM matches the extracted login name against the

account name and authenticates the user. The rules for extracting the login name are

configured in system parameter configuration. For more information, see "Configuring system

parameters."

 Account Name—Account name of the device user. Accounts with the name followed by

#delete0# are cancelled accounts.

 Device User Group—Device user group to which the device user belongs.

 Result—Authorization result, Permit or Deny.

 Failure Reason—Reason for the deny action. If the authorization result is Permit, this field is

empty.

 Authorization Time—Date and time when TAM performed the authorization, in the format of

YYYY-MM-DD hh:mm:ss.

 Profile Attribute—Attribute that TAM assigns to the shell profile that applies to the device user.

A profile attribute consists of multiple attributes in the form (attribute=value). Different attributes

are separated by a semicolon (;).

 Privilege Level—Enter the privilege level of the device user. TAM queries authorization logs of

device users of the specified level.

 CLI—Command executed by the device user at the CLI. If the authorization log is a login

authorization log, this field is empty.

 Authorization Policy Name—Authorization policy used by the device user.

 Device IP—IP address of the device to which the device user logs in.

 User IP—IP address of the device user.

 Terminal—Terminal that a device user uses to log in to the device. For example, when a user

Telnets to the device, this field displays VTY 0, VTY 2, and so on. When a user logs in to the

device through the console port, this field displays AUX 0, AUX 1, and so on.

 Session ID—Session ID used for this authorization. For one authorization action, the device and

TAM use the same session ID for packet exchanges.

 Sequence Number—Sequence number of the packets exchanged between the device and

TAM in the same session ID.

4. Click Back to return to Authorization Log List.