
Saving security logs into the security log file, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual


CAUTION:

As the default system configurations for different channels are different, you need to disable the output of log, trap, and debugging information of all modules on the specified channel (console in this example) first and then configure the output rule as needed so that unnecessary information will not be output.

# Configure the information output rule: allow log information of ARP and IP modules with severity equal to or higher than informational to be output to the console. (Note that the source modules allowed to output information depend on the device model.)

[Sysname] info-center source arp channel console log level informational state on

[Sysname] info-center source ip channel console log level informational state on

[Sysname] quit

# Enable the display of log information on a terminal. (Optional, this function is enabled by default.)

terminal monitor

Info: Current terminal monitor is on.

terminal logging

Info: Current terminal logging is on.

After the above configuration takes effect, if the specified module generates log information, the information center automatically sends the log information to the console, which then displays the information.

Saving Security Logs into the Security Log File

Network requirements

As shown in Figure 5, to efficiently and conveniently view the security events and understand the security status of the device, you need to make sure of the following:

Save security logs into the security log file cfa0:/securitylog/seclog.log at a frequency of one hour.

Only the security log administrator can view the contents of the security log file and back up the security log file into the FTP server. All other logged-in users cannot view, copy, or rename the security log file.

Figure 5 Network diagram for saving security logs in a specific directory