Cisco Systems 15454 9.3 Audit Trail

9-7

Cisco ONS 15454 Reference Manual, R7.0

78-17191-01

Chapter 9 Security

9.3 9.3 Audit Trail

Note The superuser cannot modify the privilege level of an active user. The CTC displays a warning message

when the superuser attempts to modify the privilege level of an active user.

9.3 Audit Trail

The Cisco ONS 15454 maintains a Telcordia GR-839-CORE-compliant audit trail log that resides on the

TCC2/TCC2P card. Audit trails are useful for maintaining security, recovering lost transactions, and

enforcing accountability. Accountability refers to tracing user activities; that is, associating a process or

action with a specific user. The audit trail log shows who has accessed the system and what operations

were performed during a given period of time. The log includes authorized Cisco support logins and

logouts using the operating system command line interface (CLI), CTC, and TL1; the log also includes FTP

actions, circuit creation/deletion, and user/system generated actions.

Event monitoring is also recorded in the audit log. An event is defined as the change in status of an

network element. External events, internal events, attribute changes, and software upload/download

activities are recorded in the audit trail.

To view the audit trail log, refer to the Cisco ONS 15454 Procedure Guide. You can access the audit trail

logs from any management interface (CTC, CTM, TL1).

The audit trail is stored in persistent memory and is not corrupted by processor switches, resets, or

upgrades. However, if you remove both TCC2/TCC2P cards, the audit trail log is lost.

Table 9-4 contains the columns listed in Audit Trail window.

Audit trail records capture the following activities:

• User—Name of the user performing the action

• Host—Host from where the activity is logged

• Device ID—IP address of the device involved in the activity

• Application—Name of the application involved in the activity

• Task—Name of the task involved in the activity (view a dialog box, apply configuration, etc.)

• Connection Mode—Telnet, Console, SNMP

• Category—Type of change (Hardware, Software, Configuration)

Table 9-4 Audit Trail Window Columns

Heading Explanation

Date Date when the action occurred

Num Incrementing count of actions

User User ID that initiated the action

P/F Pass/Fail (whether or not the action was executed)

Operation Action that was taken