Destination and filtering of audit log data, Destination and filtering of audit log data -41 – HP XP P9500 Storage User Manual

Destination and Filtering of Audit Log Data

Audit log data is output to syslog. Because HDLM messages other than audit

log data are also output to syslog, we recommend that you specify the

output destination that is used exclusively for audit log data.

For example, to change the output destination of audit log data to /usr/
local/audlog, specify the following two settings:

•

Specify the following setting in the /etc/syslog.conf file:

local0.info /usr/local/audlog

•

Use the HDLM command's set operation to specify local0 for the audit

log facility:

You can also filter the audit log output by specifying a severity level and type

for the HDLM command's set operation.

Filtering by severity:

The following table lists the severity levels that can be specified.

Table 2-12 Severity Levels That Can Be Specified

Severity

Audit log data to output

Correspondence with syslog

severity levels

0

None

Emergency

1

Alert

2

Critical

Critical

3

Critical and Error

Error

4

Critical, Error, and Warning

Warning

5

Notice

6

Critical, Error, Warning, and Informational

Informational

7

Debug

Filtering by category:

The following categories can be specified:

¢

StartStop

¢

Authentication

¢

ConfigurationAccess

¢

All of the above

For details on how to specify audit log settings, see

Setting Up the HDLM

Functions on page 3-184

.

HDLM Functions

2-41

Hitachi Dynamic Link Manager User Guide (for Linux(R))