3Com 86-0621-000, C36460T Console Output in Telnet Sessions, Audit Log Messaging Enhancements

20ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES

Console Output in Telnet Sessions

With 11.4, all system messages can be displayed to a Telnet session as well as through a terminal attached to the local console port. Administrators will be able to view all important status messages from the Telnet session improving manageability.

Audit Log Messaging Enhancements

Many enhancements are added in the 11.4 release regarding the logging of events. These include:

■In previous releases, only one SYSLOG server on the network could be sent the audit log messages from an Enterprise OS device. With 11.4, the administrator can configure each Enterprise OS device to send it's audit log messages to up to six SYSLOG servers.

■In previous releases, only one SYSLOG server on the network could be sent the audit log messages from an Enterprise OS device. With 11.4, the administrator can configure each Enterprise OS device to send it's audit log messages to up to six SYSLOG servers.

■Persistent logging of events across reboots now available across all platforms. Previously this feature was available only for NETBuilder II and PathBuilder S5xx devices (those devices which could support the partial dump feature). With 11.4, the partial dump feature is extended to the stackable devices (OfficeConnect NETBuilder, SuperStack II NETBuilder SI, and PathBuilder S400 devices), so reasons for spontaneous failures will be logged both on the device and within audit log messages sent to the SYSLOG server(s).

■To provides a clearer understanding of audit log messages, the format of the messages has been changed. There is a different format for those messages sent to a SYSLOG server vs those saved on the device's local audit log buffer. Redundant information was removed and comprehensive definitions are provided. A field was added to indicate message severity (0-7 indicating Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug).

Changes to audit log messages sent to SYSLOG server(s):

■For the SYSLOG messages, a unique message identifier (starting with 100) has been added. Specific services have been assigned a range of identifying numbers. For example, 100-199 identifies audit log file access status messages … dial history messages are 400-499 … IPsec messages are 600-649 … and Web Link messages are 1400-1499.

■A new message format will have identifying labels. The new syntax is as follows:

priority Seq:SeqNumber Sev:Severity From:Entity/Source Msg:Text

Changes to audit log messages saved on the device's local audit log buffer:

■The new message format will have identifying labels. The new syntax is as follows:

<priority> Seq:SeqNumber Date/Time Sev:Severity From:Entity/Source

Msg:Text

■Audit Log Message Filters are now supported. In previous releases, all audit log messages were sent to the designated SYSLOG server. With 11.4, the administrator can set a LogFilter, whereby specific messages can be sent to specific SYSLOG servers. Messages can be filtered based on service, priority,