Manualshelf

Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

ManualsBrandsHP ManualsStorageBrocade 8/24c SAN Switch for BladeSystem c-Class
81828384858687888990
Fabric OS Administrator’s Guide 47
53-1001336-02
Audit log configuration
2
Auditable event classes
Before configuring an audit log, you must select the event classes you want audited. The audit log
includes:
SEC-3001 through SEC-3017
SEC-3024 through SEC-3029
ZONE-3001 through ZONE-3012
Table 6 identifies auditable event classes and the auditCfg command operands used to enable
auditing of a specific class.
NOTE
Only the active CP can generate audit messages because event classes being audited occur only on
the active CP. Audit messages cannot originate from other blades in an enterprise-class platform.
Audit events have the following message format:
AUDIT, <Timestamp>, [<Event ID>], <Severity>, <Event Class>, <User
ID>/<Role>/<IP address>/<Interface>,<Admin Domain>/<Switch
name>,<Reserved>,<Event-specific information>
Switch names are logged for switch components and enterprise-class platform names for
enterprise-class platform components. For example, an enterprise-class platform name may be
FWDL or RAS and a switch component name may be zone, name server, or SNMP.
Pushed messages contain the administrative domain of the entity that generated the event. See
the Fabric OS Message Reference for details on message formats. For more information on setting
up the system error log daemon, refer to the Fabric OS Troubleshooting and Diagnostics Guide.
Verifying host syslog prior to configuring the audit log
Audit logging assumes that your syslog is operational and running. Before configuring an audit log,
you must perform the following steps to ensure that the host syslog is operational.
TABLE 6 AuditCfg event class operands
Operand Event class Description
1 Zone Audit zone event configuration changes, but not the actual values that were
changed. For example, a message may state, “Zone configuration has
changed,” but the syslog does not display the actual values that were changed.
2 Security Audit any user-initiated security events for all management interfaces. For
events that have an impact on an entire fabric, an audit is generated only for
the switch from which the event was initiated.
3 Configuration Audit configuration downloads of existing SNMP configuration parameters.
Configuration uploads are not audited.
4 Firmware Audit firmware download start, firmware complete, and any other errors
encountered during a firmware download.
5 Fabric Audit administrative domain-related changes.