HP Intelligent Management Center v5.1 TACACS+ Authentication Manager Administrator Guide

ManualsBrandsHP ManualsComputer AccessoriesHP IMC TACACS+ Authentication Manager additional 500-node License

111

112

113

114

115

116

117

118

119

120

105

10 Managing logs

TAM records the following types of logs when a device user logs in to manage a device:

• Authentication log—Records device user login successes and failures. An authentication failure log

also provides the reason for the failure.

• Authorization log—Includes login authorization logs and CLI authorization logs. After a device is

enabled with the login authorization function, TAM authorizes login privilege levels for login users

and records login authorization logs. After a device is enabled with CLI authorization, each time a

user executes a command, TAM checks whether the user has the right to execute the command and

records a CLI authorization log. An authorization log result can be Permit or Deny. An authorization

Deny log also provides the reason for the deny action.

• Audit log—Records device user login/logoff information as well as user online behaviors.

Managing authentication logs

Authentication logs record device user login successes and failures. An authentication failure log also provides

the reason for the failure. Authentication logs can be exported to a file for future audit.

Viewing the authentication log list

To view the authentication log list:

1. Click the User tab.

2. Select Device User View > Log Management > AuthN Logs from the navigation tree.

The Authentication Log List displays all authentication logs.

Authentication log list contents

 Result—Authentication result, Succeeded or Failed.

 Failure Reason—If the authentication result is Failed, this field displays the reason for the

failure. If the authentication result is Succeeded, this field is empty.

 Login Name—Username sent by the device to TAM, which is not the username that a device

user entered when logging in to the device. Login name of a device user contains redundant

information, and needs to be extracted. TAM matches the extracted login name against the

account name and authenticates the user. The rules for extracting the login name are

configured in system parameter configuration. For more information, see "Configuring system

parameters."

 Account Name—Account name of the device user. Accounts with the name followed by

#delete0# are cancelled accounts. Click the account name of a device user to view the user

details. For more information about device user details, see "Viewing device user details."

 Authentication Time—Date and time when the device user was authenticated, in the format of

YYYY-MM-DD hh:mm:ss.

 Device IP—IP address of the device to which the device user logs in.

 Details—Click the Details icon for an authentication log to view its details.

Navigating the authentication log list