Cisco ONS 15310-MA SDH Reference Manual, Release 9.1 and Release 9.2
78-19417-01
Chapter 5 Security
Audit Trail
Secure shell: Superusers can select secure shell (SSH) instead of Telnet at the CTC Provisioning >
Security > Access tab. SSH is a terminal-remote host Internet protocol that uses encrypted links. It
provides authentication and secure communication over channels that are not secure. Port 22 is the
default port and cannot be changed.

5.3 Audit Trail

The ONS 15310-MA SDH maintains a GR-839-CORE-compliant audit trail log that resides on the
15310E-CTX-K9 cards. Audit trails are useful for maintaining security, recovering lost transactions, and
tracing user activities. The audit trail log shows who has accessed the node and what operations were
performed during a given period of time. The log includes authorized Cisco support logins and logouts
using the operating system command line interface (CLI), CTC, and TL1; the log also includes FTP actions,
circuit creation/deletion, and user/system generated actions.
Event monitoring is also recorded in the audit log. An event is defined as a change in status of an element
within the network. External events, internal events, attribute changes, and software upload/download
activities are recorded in the audit trail.
To view the audit trail log, refer to the Cisco ONS 15310-MA SDH Procedure Guide. Users can access
the audit trail logs from any management interface (CTC, Cisco Transport Manager [CTM], or TL1).
The audit trail is stored in persistent memory and is not corrupted by processor switches or upgrades.

Note: The ONS 15310-MA SDH does not support a real-time clock with battery backup. Therefore, when you
reset the 15310E-CTX-K9 card, the audit log is reset to 1970 until you set the date and time again.

5.3.1 Audit Trail Log Entries

Audit trail records capture various types of activities. Individual audit entries contain some or all of the
following information:
User—Name of the user performing the action
Host—Host from where the activity is logged
Device ID—IP address of the device involved in the activity
Application—Name of the application involved in the activity
Task—Name of the task involved in the activity (view a dialog box, apply configuration, and so on)
Connection Mode—The service used to connect to the node (for example, Telnet, console, or Simple
Network Management Protocol [SNMP])
Category—Type of change: Hardware, Software, or Configuration
Status—Status of the user action: Read, Initial, Successful, Timeout, or Failed
Time—Time of change
Message Type—Denotes whether the event succeeded or failed
Message Details—A description of the change
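
The following is an added example, not part of the Cisco manual, showing how a reviewer might screen exported audit trail entries using the fields listed above while accounting for the 1970 clock reset described in the note. The CSV layout, the timestamp format, the sample rows, and the `review` function are assumptions made for illustration; they are not the CTC export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample. Column names are the entry fields listed above; the CSV
# layout and timestamp format are assumptions, not the CTC export format.
SAMPLE = """User,Host,Connection Mode,Status,Time,Message Details
admin1,192.0.2.10,SSH,Successful,2010-03-02 09:14:05,Login
oper2,192.0.2.44,Telnet,Failed,2010-03-02 09:20:31,Login
oper2,192.0.2.44,Telnet,Failed,2010-03-02 09:20:40,Login
admin1,192.0.2.10,SSH,Successful,1970-01-01 00:03:12,Circuit deleted
admin1,192.0.2.10,SSH,Successful,2010-03-02 11:02:00,Date and time set
"""

FMT = "%Y-%m-%d %H:%M:%S"


def review(text, failed_threshold=2):
    """Return (findings, failed_counts) for an exported audit trail."""
    findings = []   # (record number, finding name)
    failed = {}     # (user, host) -> count of Failed entries
    previous = None
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        when = datetime.strptime(row["Time"], FMT)
        if when.year == 1970:
            # Card was reset and the date not yet set: the real time of this
            # entry is unknown, so rely on record order, not the timestamp.
            findings.append((n, "clock-unset"))
        else:
            if previous is not None and when < previous:
                findings.append((n, "time-went-backwards"))
            previous = when
        if row["Connection Mode"].strip().lower() == "telnet":
            findings.append((n, "telnet-session"))
        if row["Status"].strip().lower() == "failed":
            key = (row["User"], row["Host"])
            failed[key] = failed.get(key, 0) + 1
            if failed[key] == failed_threshold:
                findings.append((n, "repeated-failures"))
    return findings, failed


if __name__ == "__main__":
    for record_no, finding in review(SAMPLE)[0]:
        print(record_no, finding)
```

Entries flagged `clock-unset` should be placed in the timeline by their position in the log rather than by their recorded time.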