HP StorageWorks Fabric OS 5.X Diagnostics and System Error Messages Reference Guide (AA-RVHZB-TE, September 2005)
Introduction to System Messages
• System console
System message log (RASLog)
The Fabric OS maintains an internal system message log of all messages. For Fabric OS 5.x, this log is
saved as a RASLog. Features of the system message log include the following:
• The system message log by default saves all messages to nonvolatile storage.
• The system message log can save a maximum of 1024 messages in RAM.
• The system message log is implemented as a circular buffer. When more than the maximum number of
entries are added to the log file, old entries are overwritten by new entries.
• Messages are numbered sequentially from 1 to 2,147,483,647 (0x7fffffff). The sequence number will
continue to increase beyond the storage limit of 1024 messages. The sequence number can be reset to
1 using the errClear command. The sequence number is persistent across power cycles and switch
reboots.
• By default, the errDump and errShow commands display all of the system messages.
• You should configure the syslogd facility as a management tool for error logs. This is particularly
important for dual-domain switches, as the syslogd facility saves messages from two CPs as a single file
and in sequential order. See “System logging daemon” for more information.
Audit logging
Audit messages are enhanced to record more information, for security purposes. They are flagged AUDIT
in the system message log. Currently, the only messages that have the audit flag set are
SEC-3001 to SEC-3017 and ZONE-3001 to ZONE-3012.
They provide the following information:
• User Name: The name of the user who triggered the action.
• Role: The role of the user: for example, root or admin.
• Event Name: The name of the event that occurred.
• Status: The status of the event that occurred: success or failure.
• Event Info: Information about the event.
If you are creating an SCC_POLICY and use wildcards such as the asterisk (*), meaning all the
switches in the current fabric, these wildcards are displayed in the audit error message.
An example audit message is as follows:
2004/07/09-02:09:40, [SEC-3001], 181, AUDIT, INFO, User:rick, role: admin, Event: secpolicy create, status:success, Info: Create SCC_POLICY policy, with * entries.
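The audit fields and the sequence-number behavior described above can be checked mechanically when reviewing collected logs. The following Python code is an added example, not part of the HP guide or Fabric OS: the field layout is inferred from the single example line above, and the function names, finding labels and every sample line after the first are constructed for illustration.

```python
import re

# Field layout inferred from the guide's one example AUDIT line (an assumption).
AUDIT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d-\d\d:\d\d:\d\d), \[(?P<module>[A-Z]+)-(?P<num>\d+)\], "
    r"(?P<seq>\d+), AUDIT, (?P<sev>\w+), User:\s*(?P<user>[^,]+), "
    r"role:\s*(?P<role>[^,]+), Event:\s*(?P<event>[^,]+), "
    r"status:\s*(?P<status>\w+), Info:\s*(?P<info>.*)$")

# Message ID ranges the guide lists as having the AUDIT flag set.
AUDIT_RANGES = {"SEC": range(3001, 3018), "ZONE": range(3001, 3013)}

def parse_audit(line):
    """Return the fields of one AUDIT line as a dict, or None if it does not match."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["num"], rec["seq"] = int(rec["num"]), int(rec["seq"])
    return rec

def review(lines):
    """Return (sequence number, finding) pairs for audit records worth a second look."""
    findings, last_seq = [], None
    for rec in filter(None, map(parse_audit, lines)):
        seq = rec["seq"]
        if rec["num"] not in AUDIT_RANGES.get(rec["module"], ()):
            findings.append((seq, "id-outside-documented-audit-range"))
        if rec["status"].lower() != "success":
            findings.append((seq, "failed-action"))
        if "SCC_POLICY" in rec["info"] and "*" in rec["info"]:
            findings.append((seq, "wildcard-scc-policy"))
        # Numbers persist across reboots; the guide names errClear as the reset to 1.
        # Gaps are normal here because non-audit messages share the same counter.
        if last_seq is not None and seq <= last_seq:
            findings.append((seq, "sequence-reset"))
        last_seq = seq
    return findings

SAMPLE = [  # first entry is the guide's example; the other two are constructed
    "2004/07/09-02:09:40, [SEC-3001], 181, AUDIT, INFO, User:rick, role: admin, "
    "Event: secpolicy create, status:success, Info: Create SCC_POLICY policy, with * entries.",
    "2004/07/09-02:11:02, [SEC-3001], 184, AUDIT, INFO, User:rick, role: admin, "
    "Event: secpolicy create, status:failure, Info: Create SCC_POLICY policy, with 2 entries.",
    "2004/07/09-03:00:10, [SEC-3001], 3, AUDIT, INFO, User:admin, role: admin, "
    "Event: secpolicy create, status:success, Info: Create SCC_POLICY policy, with 1 entries.",
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A sequence number that moves backwards in a forwarded syslog stream is worth correlating with who ran errClear, since the counter otherwise only increases.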
Only certain commands generate an AUDIT message in the system message log.
The commands that generate SEC AUDIT messages are as follows:
• secModeEnable and secModeDisable
• secPolicyCreate, secPolicyDelete, secPolicyRemove, secPolicyActivate, and
secPolicySave
• login and logout
• secFCSFailover
• secTransAbort
• secStatsReset
• secTempPasswdSet and secTempPasswdReset
• aaaConfig
• authUtil
The commands that generate ZONE AUDIT messages are as follows:
• cfgEnable
• cfgDisable
• cfgSave