Brocade Secure Fabric OS Administrator's Guide (53-1000244-01, November 2006)

Displaying and Resetting Secure Fabric OS Statistics
Secure Fabric OS provides several statistics regarding attempted policy violations. This includes events
such as the following:
- A DCC policy exists that defines which devices are authorized to access which switch (port) combinations, and a device that is not listed in the policy tries to access one of the defined switch (port) combinations.
- An attempt is made to log in to an account with an incorrect password.
The statistics for all DCC policies are added together.
Each statistic indicates the number of times the monitored event has occurred since the statistics were
last reset (secStatsReset command). For the Telnet policy, this includes all the automated login attempts
made by the sectelnet or SSH client software, in addition to the actual attempts made by the user.
On dual-CP directors, statistics are maintained separately on each CP and are counted only on the active
CP. If a director fails over from the active to the standby CP, statistics are not replicated to the standby
CP.
The names of the Secure Fabric OS statistics and their definitions are provided in Table 4-2.
Note: Rebooting the switch resets all the statistics. Secure Fabric OS statistics also can be monitored through Fabric Watch.
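The reset behavior described above matters when the counters are polled for alerting: a reading can drop after secStatsReset, a reboot, or a CP failover. The following is an added example, not part of the Brocade guide. It assumes readings have already been collected into dictionaries keyed by the statistic names in Table 4-2; the sample readings, thresholds, and function names are constructed for illustration.

```python
# Added example: turn cumulative Secure Fabric OS counters into per-interval
# alerts while tolerating counter resets. Statistic names are from Table 4-2;
# SAMPLES and THRESHOLDS are constructed, not real switch output.

def new_events(prev, curr):
    """Return (events since prev, reset_seen) for two cumulative readings."""
    # A counter lower than before means the statistics were reset
    # (secStatsReset, reboot) or are now read from a different CP after a
    # failover, since statistics are not replicated to the standby CP.
    reset = any(curr.get(name, 0) < count for name, count in prev.items())
    if reset:
        # Events between the last poll and the reset are lost, so the
        # current values are only a lower bound for this interval.
        return dict(curr), True
    return {name: count - prev.get(name, 0) for name, count in curr.items()}, False

def scan(samples, thresholds):
    """Walk (label, reading) pairs in order and return (label, name, count) alerts."""
    alerts, prev = [], None
    for label, curr in samples:
        if prev is not None:  # the first reading is only a baseline
            delta, reset = new_events(prev, curr)
            if reset:
                alerts.append((label, "RESET", 0))
            for name, count in delta.items():
                # Statistics without a threshold alert on any new event.
                if count >= thresholds.get(name, 1):
                    alerts.append((label, name, count))
        prev = curr
    return alerts

# Constructed readings: a burst of SLAP failures, then a reset, then DCC violations.
SAMPLES = [
    ("t0", {"DCC_POLICY": 2, "AUTH_FAIL": 0, "ILLEGAL_CMD": 1}),
    ("t1", {"DCC_POLICY": 2, "AUTH_FAIL": 3, "ILLEGAL_CMD": 1}),
    ("t2", {"DCC_POLICY": 0, "AUTH_FAIL": 0, "ILLEGAL_CMD": 0}),
    ("t3", {"DCC_POLICY": 5, "AUTH_FAIL": 1, "ILLEGAL_CMD": 0}),
]
THRESHOLDS = {"DCC_POLICY": 1, "AUTH_FAIL": 3}

if __name__ == "__main__":
    for alert in scan(SAMPLES, THRESHOLDS):
        print(alert)
```

A RESET alert is worth reviewing on its own, because it marks an interval in which violation counts could have been cleared before they were recorded.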
Table 4-2 Secure Fabric OS Statistics

| Statistic | Definition |
|---|---|
| API_POLICY | The number of attempted violations to the API policy (includes automated attempts made by client software). |
| AUTH_FAIL (SLAP failures) | The switch received a SLAP that it could not verify, possibly due to bad certificates, bad signature, the other side not performing SLAP, or SLAP packets that were received out of sequence. This counter is not advanced if SLAP protocol does not complete, which can happen when a switch that does not have secure mode enabled is attached to a switch that does. |
| DCC_POLICY | The number of attempted violations to the DCC policy. Note: Fabric OS v4.4.0, v5.0.1, v5.1.0, and v5.2.0 increases the counter by 1 for each drive in a JBOD; Fabric OS v3.2.0 increases the counter by 1 for the entire JBOD. |
| FRONTPANEL_POLICY | The number of attempted violations to the Front Panel policy. |
| HTTP_POLICY | The number of attempted violations to the HTTP policy. |
| ILLEGAL_CMD (illegal command) | The number of times a command is issued on a switch where it is not allowed (such as entering secModeDisable on a non-FCS switch). |
| INCOMP_DB (incompatible Secure Fabric OS database) | Secure Fabric OS databases are incompatible; might be due to different version numbers, time stamps, FCS policies, or secure mode status. |