beautypg.com

Duplicate pwwn handling during device login – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 93

background image

1. Set up an external host machine with a system message log daemon running to receive the audit

events that will be generated.

2. On the switch where the audit configuration is enabled, enter the syslogdIpAdd command to add

the IP address of the host machine so that it can receive the audit events.

You can use IPv4, IPv6, or DNS names for the syslogdIpAdd command.

3. Ensure the network is configured with a network connection between the switch and the remote host.
4. Check the host syslog configuration. If all error levels are not configured, you may not see some of

the audit messages.

Configuring an audit log for specific event classes

1. Connect to the switch from which you want to generate an audit log and log in using an account with

admin permissions.

2. Enter the auditCfg --class command, which defines the specific event classes to be filtered.

switch:admin> auditcfg --class 2,4

Audit filter is configured.

3. Enter the auditCfg --enable command, which enables audit event logging based on the classes

configured in step 2.

switch:admin> auditcfg --enable

Audit filter is enabled.

To disable an audit event configuration, enter the auditCfg --disable command.

4. Enter the auditCfg --show command to view the filter configuration and confirm that the correct

event classes are being audited, and the correct filter state appears (enabled or disabled).

switch:admin> auditcfg --show

Audit filter is enabled.

2-SECURITY

4-FIRMWARE

5. Enter the auditDump -s command to confirm that the audit messages are being generated.

Example of the syslog (system message log) output for audit logging

Oct 10 08:52:06 10.3.220.7 raslogd: AUDIT, 2008/10/10-08:20:19 (GMT), [SEC-3020],

INFO, SECURITY, admin/admin/10.3.220.13/telnet/CLI, ad_0/ras007/FID 128, , Event:

login, Status: success, Info: Successful login attempt via REMOTE, IP Addr:

10.3.220.13.

Oct 10 08:52:23 10.3.220.7 raslogd: 2008/10/10-08:20:36, [CONF-1001], 13, WWN

10:00:00:05:1e:34:02:0c | FID 128, INFO, ras007, configUpload completed

successfully. All config parameters are uploaded.

Oct 10 09:00:04 10.3.220.7 raslogd: AUDIT, 2008/10/10-08:28:16 (GMT), [SEC-3021],

INFO, SECURITY, admin/NONE/10.3.220.13/None/CLI, None/ras007/FID 128, , Event:

login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: 10.3.220.13.

Duplicate PWWN handling during device login

If a device attempts to log in with the same port WWN (PWWN) as another device on the same switch,
you can configure whether the new login or the existing login takes precedence.

Note that if a device attempts to log in with the same PWWN as another device on a different switch,
both devices are logged out. This section describes what happens with devices logging in on the same
switch.

Configuring an audit log for specific event classes

Fabric OS Administrators Guide

93

53-1003130-01

See also other documents in the category Brocade Computer Accessories: