TMS zl Module Planning and Implementation Guide 2009-08
Table Of Contents
- Contents
- Glossary of Acronyms and Abbreviations
- 1.0 Purpose
- 2.0 Intended Audience
- 3.0 Objectives
- 4.0 Prerequisites
- 5.0 Skills
- 6.0 The HP ProCurve Threat Management Services zl Module
- 7.0 Common TMS Security Control Points
- 8.0 Deployment Considerations
- 9.0 Installation and Preparation of the TMS zl Module
- 10.0 Configuration of the TMS zl Module
- 11.0 Using multiple HP ProCurve Threat Management Services zl Modules
- Appendix A – Additional References
- Appendix B – Sample Company Information Assets Spreadsheet
- Sample “Information Assets” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Server Network Details” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “TMS Zones” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- “Firewall Rules” tab (See Embedded “Company Information Assets” Microsoft Excel 2003 spreadsheet)
- /Sample “Company Information Assets” Microsoft Excel 2003 spreadsheet
- Appendix C – Information Gathering Tools
- Appendix D - Updating Switch Software
- Appendix E – Emergency Recovery Process
Page 50
The TMS zl Module is now ready for initial configuration.
9.2.5 Initial Log Settings
Logging is a key factor to completing a secure configuration and provides a
foundation for analyzing security events or network troubleshooting. The
following should be used as a baseline log configuration for a TMS zl Module
installation. Each specific installation will have different configuration needs
to meet the requirements of the unique infrastructure. For more details on log
configuration, see see the Configure Event Logging sections in either the
Initial Setup in Routing Mode or Initial Setup in Monitor Mode chapters of
the HP ProCurve Threat Management Services zl Module Management and
Configuration Guide.
9.2.5.1 Log Overview
There are four mechanisms for logging security events that the TMS zl Module
detects:
• Local logging—The module keeps its own internal logs, which may be
exported to a compressed .tar file.
• Email forwarding—The module can send alerts to as many as three
email accounts.
• Syslog forwarding—The module can forward log entries to up to three
syslog servers.
• SNMP traps—The module can forward SNMP traps to one or more
SNMP servers, such as ProCurve Manager Plus (PCM+).
Log entries are sent from the following sources:
• Security systems (firewall, IPS, VPN, high availability)
• Open architecture system
• Startup scripts (initialization, reboot)
• Management systems (Web browser, CLI, SNMP)
• Common services (DHCP relay, DNS client, TFTP, SCP, RADIUS
client, LDAP client, and others)
To view or export local logs, select System > Logging > View Log.