Saving security logs into the security log file, Introduction – H3C Technologies H3C SecPath F1000-E User Manual
Page 239
16
To do…
Use the command…
Remarks
Manually save the log buffer
content to the log file
logfile save
Optional
Available in any view
By default, the system saves the log
file with the frequency defined by
the info-center logfile
frequency command.
NOTE:
•
To ensure that the device works normally, use the info-center logfile size-quota command to set a log file
to be no smaller than 1 MB and no larger than 10 MB.
•
The info-center logfile switch-directory command is always used when you back up or move files. The
configuration will be invalid after system reboot or the active standby switchover.
Saving Security Logs into the Security Log File
Introduction
You can understand the device status, locate and troubleshoot network problems by viewing system
information, especially the security logs. Generally, all kinds of system information including security logs
is output into one folder, and it is difficult to recognize and check the security logs among all kinds of
system information.
This function enables the system to save the security logs into the security log file in a specific directory
without affecting the current output rules of the system information. It means that the system picks up all
security logs from the system information, copies and saves them into the security log file in a specified
directory when outputting the system information to different destinations. You can perform centralized
management to the security logs and view the security logs conveniently.
The configuration of this feature and the management of the security log file are separated, and the
security log file is managed by a privileged user. After logging in to the device, the administrator can
enable the saving of security logs into the security log file and configure related parameters by executing
the commands listed in
; however, only the privileged user, known as the security log
administrator, can perform operations (refer to
for details) to the security log file after passing the
AAA local authentication and logging in to the device, and other users (including the system
administrator) cannot perform these operations to the security log file.
NOTE:
•
You can authorize a security log administrator by executing the authorization-attribute user-role
security-audit command in local user view.
•
The system administrator cannot view, copy, and rename the security log file; otherwise, the system
prompts “% Execution error”. The system administrator can view, copy and rename other types of files.
•
For more information about local user configuration and AAA local authentication, see
RADIUS
Configuration in the Firewall Web Configuration Manual.
Saving security logs into the security log file
With this feature enabled, when the system outputs the system information to a specified destination, it
copies the security logs at the same time and saves them into the security log file buffer. Then, the system
writes the contents of the security log file buffer into the security log file at a specified frequency (the