HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 500-node E-LTU

121

122

123

124

125

126

127

128

129

130

118

Audit log details contents

 Login Name—Username sent by the device to TAM, which is not the username that a device

user entered when logging in to the device. Login name of a device user contains redundant

information, and needs to be extracted. TAM matches the extracted login name against the

account name and authenticates the user. The rules for extracting the login name are

configured in system parameter configuration. For more information, see "Configuring system

parameters."

 Account Name—Account name of the device user. Accounts with the name followed by

#delete0# are cancelled accounts.

 Device User Group—Device user group to which the device user belongs.

 Privilege Level—Privilege level of the device user.

 CLI—Command executed by the device user. This field displays a value only when the Audit

Type is Enter Command At CLI.

 Audit Time—Date and time when the audit was performed, in the format of YYYY-MM-DD

hh:mm:ss.

 Audit Type—Select an audit type from the list. Audit types include Start, Update, End, Enter

Command At CLI, Clear Online Data, and Age Online Data.

 Start indicates the log was generated when a user successfully logged in to a device. End

indicates the log was generated when a user logged off a device. Update indicates the log

was generated when TAM received a watchdog packet periodically sent by an online user to

declare that the user is still online. Enter Command At CLI indicates the log was generated

when a user executed a command at CLI. Clear Online Data indicates the log was generated

when an operator manually cleared online user information. Age Online Data indicates the log

was generated when TAM periodically cleared aged online users according to the Aging Time

specified in the system parameter configuration.

 Device IP—IP address of the device to which the device user logs in.

 User IP—IP address of the device user.

 Terminal—Terminal that a device user uses to log in to the device. For example, when a user

Telnets to the device, this field displays VTY 0, VTY 2, and so on. When a user logs in to the

device through the console port, this field displays AUX 0, AUX 1, and so on.

 Session ID—Session ID used for this audit. For one audit, the device and TAM use the same

session ID for packet exchanges.

 Sequence Number—Sequence number of the packets exchanged between the device and

TAM in the same session ID.

4. Click Back to return to Audit Log List.

Exporting audit logs

The audit log export function allows operators to get a list of audit logs to be exported through the query

function, and then export all audit logs in the audit log list to an export file.

To export audit logs:

1. Click the User tab.

2. Select Device User View > Log Management > Audit Logs from the navigation tree.

The Audit Log List displays all audit logs.

3. Filter the audit logs through basic query or advanced query.