5 CEE audit logs

CEE audit logs

The CEE audit logs record all changes made by authorized users. This information is always present, irrespective of the configuring entity. Because redundant configuration is not recorded, only configuration changes that have resulted in some change in the running-config file on the system are logged.

In addition to configuration commands, the copy and clear commands, which alter the system state, are logged. On the local system, the logs are maintained in a circular buffer with a capacity of 256 entries. The audit log infrastructure of the Fabric OS is used here and the capacity of 256 entries is shared between the Fabric OS and CEE audit logs.

Table 3 shows the components of the CEE audit logs.

TABLE 13

Format of the CEE audit logs

 

 

 

 

Name

Example

Description

 

 

 

Timestamp

2009/05/12-21:25:57

Date and time at which the log was

 

 

generated

 

 

 

User

Root

User’s login name

Role

Root

User’s RBAC role

IP

10.2.2.47

IP address of the user’s computer

Session

telnet

The virtual console from which the

 

 

user executed the command

 

 

 

Hostname

EL34

Host name of the switch

Mode

Config

The configuration mode in which the

 

 

command was executed

 

 

 

Command

rmon event 15

The CLI command that altered the

 

 

configuration

 

 

 

To configure CEE audit logs, perform these steps from the Fabric OS command shell.

1.CEE audit logging is disabled by default. It must be enabled explicitly by using the auditcfg command from the Fabric OS shell. See the Fabric OS Command Reference Manual Supporting Fabric OS v6.4.0 for details.

switch>auditcfg –-enable

2.The CEE audit logs belong to the CONFIGURATION class of audit logs. The filter for this class must be enabled by using the auditcfg command from the Fabric OS shell. See the Fabric OS Command Reference Manual Supporting Fabric OS v6.4.0 for details.

switch>auditcfg –-class 3

3. Activate privileged EXEC mode.

switch>cmsh switch#enable switch#

42

Converged Enhanced Ethernet Administrator’s Guide

 

53-1002163-02

Page 64
Image 64
Brocade Communications Systems 53-1002163-02 manual CEE audit logs, Activate privileged Exec mode, Name Example Description