D14850.02 MX Series Administrator Guide (TC5.0) | 2011 NOVEMBER | © 2011 Cisco Systems, Inc. All rights reserved. www.cisco.com
51
Cisco TelePresence MX Series
AdministrAtor guide

TheSecuritysettings

SecurityAuditServerAddress

Enter the external/global IP-address to the audit syslog server. IPv6 is not supported.
NOTE: Requires a restart of the system for any change to take effect.
Requiresuserrole: AUDIT
Valuespace: <S: 0, 64>
Format: String with a maximum of 64 characters.
Example: Security Audit Server Address: ""

SecurityAuditServerPort

Enter the port of the syslog server that the system shall send its audit logs to. The default port is
514.
NOTE: Requires a restart of the system for any change to take effect.
Requiresuserrole: AUDIT
Valuespace: <0..65535>
Range: Select a value from 0 to 65535.
Example: Security Audit Server Port: 514

SecurityAuditOnErrorAction

Describes what actions will be taken if connection to the syslog server is lost. This setting is only
relevant if Security Audit Logging Mode is set to ExternalSecure.
NOTE: Requires a restart of the system for any change to take effect.
Requiresuserrole: AUDIT
Valuespace: <Halt/Ignore>
Halt: If a halt condition is detected the unit is rebooted and only the auditor is allowed to
operate the unit until the halt condition has passed. When the halt condition has passed
the audit logs are re-spooled to the external server. Halt conditions are: A network breach
(no physical link), no external syslog server running (or wrong server address or port), TLS
authentication failed (if in use), local backup (re-spooling) log full.
Ignore: The system will continue its normal operation, and rotate internal logs when full. When
connection is restored it will again send its audit logs to the syslog server.
Example: Security Audit OnError Action: Ignore

SecurityAuditLoggingMode

Describes where the audit logs are recorded or transmitted.
NOTE: Requires a restart of the system for any change to take effect.
Requiresuserrole: AUDIT
Valuespace: <Off/Internal/External/ExternalSecure>
Off: No audit logging is performed.
Internal: The system records the audit logs to internal logs, and rotates logs when they are
full.
External: The system sends the audit logs to an external audit syslog server. The external
server must support TCP.
ExternalSecure: The system sends encrypted audit logs to an external audit server that is
verified by a certificate in the Audit CA list. The Audit CA list file must be uploaded to the
codec using the web interface. The common_name parameter of a certificate in the CA list
must match the IP address of the syslog server.
Example: Security Audit Logging Mode: Off

SecuritySessionShowLastLogon

When logging in to the system using SSH or Telnet you will see the UserId, time and date of the
last session that did a successful login.
Requiresuserrole: ADMIN
Valuespace: <Off/On>
On: Set to On to enable the possibility to show information about the last session.
Off: Set to Off to disable the possibility to show information about the last session.
Example: Security Session ShowLastLogon: Off

SecuritySessionInactivityTimeout

Determines how long the system will accept inactivity from the user before he is automatically
logged out.
Requiresuserrole: ADMIN
Valuespace: <0..10000>
Range: Select a value from 0 to 10000 seconds. 0 means that inactivity will not enforce
automatically logout.
Example: Security Session InactivityTimeout: 0
Introduction
Table of contents
Web interface
Advanced settings
Appendices
Advanced settings