488 Chapter 10 Configuring system settings

Configuring RADIUS auditing using the CLI

You can configure the Nortel SNAS 4050 cluster to include a RADIUS server to receive log messages about commands executed in the CLI or the SREM, for audit purposes.

About RADIUS auditing

An event is generated whenever a system user logs on, logs off, or issues a command from a CLI session. The event contains information about user name and session ID, as well as the name of executed commands. You can configure the system to send the event to a RADIUS server for audit trail logging, in accordance with RFC 2866 (RADIUS Accounting).

If auditing is enabled but no RADIUS server is configured, events will still be generated to the event log and any configured syslog servers.

When you add an external RADIUS audit server to the configuration, the server is automatically assigned an index number. You can add several RADIUS audit servers for backup purposes. Nortel SNAS 4050 auditing is performed by the available server with the lowest index number. You can control audit server usage by reassigning index numbers (see “Managing RADIUS audit servers using the CLI” on page 490).

For information about configuring a RADIUS accounting server to log portal user sessions, see “Configuring RADIUS accounting using the CLI” on page 146.

About the vendor-specific attributes

The RADIUS audit server uses Vendor-Id and Vendor-Type attributes in combination to identify the source of the audit information. The attributes are sent to the RADIUS audit server together with the event log information.

Each vendor has a specific dictionary. The Vendor-Id specified for an attribute identifies the dictionary the RADIUS server will use to retrieve the attribute value. The Vendor-Type indicates the index number of the required entry in the dictionary file.
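The following Python sketch is an added example, not code from the Nortel manual or product. It shows how a receiver could check the RFC 2866 Request Authenticator on an incoming audit record and then extract the Vendor-Id and Vendor-Type pairs from its Vendor-Specific attributes. The Vendor-Id 99999, Vendor-Type 1, shared secret and event text are constructed placeholders, not values used by the Nortel SNAS 4050.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # packet code, RFC 2866
VENDOR_SPECIFIC = 26    # attribute type, RFC 2865 section 5.26

def build_vsa(vendor_id, vendor_type, value):
    """Encode a Vendor-Specific attribute carrying one sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def build_request(ident, attrs, secret):
    """Accounting-Request; authenticator = MD5(header, 16 zero octets, attrs, secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs

def parse_audit_packet(packet, secret):
    """Verify the packet, then return [(vendor_id, vendor_type, value), ...]."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    found, pos = [], 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        body = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC:
            if len(body) < 4:
                raise ValueError("Vendor-Specific attribute too short")
            vendor_id, sub = struct.unpack("!I", body[:4])[0], body[4:]
            while sub:  # a VSA may carry several vendor sub-attributes
                if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                    raise ValueError("bad vendor sub-attribute")
                found.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += alen
    return found

# Constructed sample: User-Name "admin" plus one VSA; 99999 is a placeholder Vendor-Id.
SECRET = b"constructed-secret"
SAMPLE = build_request(7, b"\x01\x07admin" + build_vsa(99999, 1, b"constructed event text"), SECRET)
```

A record that fails the authenticator check was either altered in transit or sent with a different shared secret, so it should be rejected before it enters the audit trail.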

320818-A
