Managing security logs, Saving security logs into the security log file, Managing the security log file – H3C Technologies H3C MSR 5600 User Manual
Page 222
209
Managing security logs
Security logs are very important for locating and troubleshooting network problems. Generally, security
logs are output together with other logs. It is difficult to identify security logs among all logs.
To solve this problem, you can save security logs into a security log file without affecting the current log
output rules.
Saving security logs into the security log file
After you enable the saving of the security logs into the security log file, the system first outputs security
logs to the security log file buffer, and then saves the logs from the security log file buffer into the security
log file at a specified interval (the security log administrator can also manually save security logs into the
log file). After the security logs are saved, the buffer is cleared immediately.
The security log file has a specific capacity. When the capacity is reached, the system will replace
earliest security logs with new logs. To avoid security log loss, you can set an alarm threshold for the
security log file usage. When the alarm threshold is reached, the system outputs a message to inform the
administrator. The administrator can log in to the device as the security log administrator and back up
the security log file to prevent the loss of important data.
To save security logs into the security log file:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable the information center. info-center enable
By default, the information center is
enabled.
3.
Enable the saving of the
security logs into the security
log file.
info-center security-logfile enable
By default, the function is disabled.
4.
Set the interval at which the
system saves security logs.
info-center security-logfile
frequency freq-sec
The default saving interval is
86400 seconds.
5.
(Optional.) Set the maximum
size of the security log file.
info-center security-logfile
size-quota size
The default setting is 10 MB.
6.
(Optional.) Set the alarm
threshold of the security log
file usage.
info-center security-logfile
alarm-threshold usage
By default, the alarm threshold of
the security log file usage is 80.
When the usage of the security log
file reaches 80%, the system will
inform the user.
Managing the security log file
To manage and maintain the security log file, the security log administrator must pass local AAA
authentication first. For more information about security log administrator, see Security Configuration
Guide.
To manage the security log file: