HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
Managing security logs and the security log file
Security logs are very important for locating and troubleshooting network problems. Generally, security
logs are output together with other logs, which makes them difficult to identify.
To solve this problem, you can save security logs into a security log file without affecting the current log
output rules. The security log file is managed by a privileged user. The administrator can enable the
saving of security logs into the security log file and configure related parameters. However, only the
privileged user, known as the security log administrator, can perform operations on the security log file.
The privileged user must pass AAA local authentication to log in to the device.
A security log administrator is a local user who is authorized by AAA as the security log administrator.
You can authorize a security log administrator by executing the authorization-attribute user-role
security-audit command in local user view.
The system administrator cannot view, copy, or rename the security log file. If they try, the system displays
an "%Execution error" message. The system administrator can view, copy and rename other types of
files.
For more information about local user and AAA local authentication, see Access Control Configuration
Guide.
Saving security logs into the security log file
After you enable the saving of the security logs into the security log file, the system first outputs security
logs to the security log file buffer, and then saves the logs from the security log file buffer to the security
log file at a specified interval (the security log administrator can also manually save security logs into the
log file). After the logs are saved, the buffer is cleared immediately.
The size of the security log file is limited. If the maximum size is reached, the system deletes the oldest log
and writes the new log into the security log file. To avoid losing security logs, you can set an alarm
threshold. When the alarm threshold is reached, the system outputs a message to inform the
administrator. The administrator can log in to the device as the security log administrator and back up the
security log file.
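
The following Python sketch is an added example, not HP's code and not part of the original guide. It models the buffer, interval save, size limit, and alarm threshold described above to show how many entries are overwritten when nobody backs up the file after the alarm. Counting capacity in entries, expressing the alarm threshold as a percentage, emptying the file after a backup, and all names are assumptions.

```python
from collections import deque


class SecurityLogFile:
    """Toy model of the behaviour described above (not HP's implementation)."""

    def __init__(self, max_entries, alarm_percent, save_interval=600):
        self.max_entries = max_entries            # assumption: size counted in entries
        self.alarm_at = max_entries * alarm_percent // 100  # assumption: percent
        self.save_interval = save_interval        # seconds; 600 is the guide's default
        self.buffer, self.file = [], deque()
        self.last_save = 0
        self.alarms, self.lost = [], []           # alarm times, overwritten entries

    def log(self, now, entry):
        """Security logs go to the buffer first; the file is written per interval."""
        self.buffer.append(entry)
        if now - self.last_save >= self.save_interval:
            self.save(now)

    def save(self, now):
        """Interval-driven or manual save: append to file, then clear the buffer."""
        for entry in self.buffer:
            if len(self.file) >= self.max_entries:
                self.lost.append(self.file.popleft())   # oldest log is deleted
            self.file.append(entry)
        self.buffer.clear()
        self.last_save = now
        if len(self.file) >= self.alarm_at:
            self.alarms.append(now)                     # alarm message is output

    def backup(self):
        """Assumption: the security log administrator copies the file off, then empties it."""
        copied = list(self.file)
        self.file.clear()
        return copied


def run(total_seconds, every, backup_on_alarm):
    """Constructed workload: one security log every `every` seconds."""
    f = SecurityLogFile(max_entries=100, alarm_percent=80)
    backed_up = []
    for now in range(0, total_seconds, every):
        f.log(now, f"event@{now}")
        if backup_on_alarm and f.alarms and f.alarms[-1] == now:
            backed_up += f.backup()
    return len(f.lost), len(backed_up), len(f.buffer)


if __name__ == "__main__":
    print("no backup:      ", run(7200, 30, False))
    print("backup on alarm:", run(7200, 30, True))
```

With these constructed numbers, two hours without a backup overwrite 121 entries, while backing up at each alarm loses none. In both runs 19 entries are still in the buffer and reach the file only at the next interval or a manual save.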
By default, security logs are not saved into the security log file. The parameters, such as the saving
interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters,
log in to the device as the system administrator, and then follow the steps in the following table to
configure the related parameters:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enable the information center. | info-center enable | Optional. Enabled by default.
3. Enable the saving of the security logs into the security log file. | info-center security-logfile enable | Disabled by default.
4. Set the interval for saving security logs to the security log file. | info-center security-logfile frequency freq-sec | Optional. The default saving interval is 600 seconds.