beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 86

background image

75

1.

Configure the SecPath
# Enable the information center.

system-view

[SecPath] info-center enable

# Specify the host 1.2.0.1/16 as the log host. Use channel loghost to output log information
(optional, loghost by default), and use local4 as the logging facility.

[SecPath] info-center loghost 1.2.0.1 channel loghost facility local4

# Disable the output of log, trap, and debugging information of all modules on channel loghost.

[SecPath] info-center source default channel loghost debug state off log state off

trap state off

To avoid outputting unnecessary information, disable the output of log, trap, and debugging
information on the specified channel (loghost in this example) before you configure an output rule.
# Configure an output rule to output to the log host ARP and IP log information that has a severity
level of at least information. (The source modules allowed to output information depend on the

SecPath model.)

[SecPath] info-center source arp channel loghost log level information state on

[SecPath] info-center source ip channel loghost log level information state on

2.

Configure the log host
The following configurations were performed on SunOS 4.0 which has similar configurations to
the UNIX operating systems implemented by other vendors.

a.

Log in to the log host as a root user.

b.

Create a subdirectory named SecPath under directory /var/log/, and create file info.log
under the SecPath directory to save logs of SecPath.

# mkdir /var/log/SecPath

# touch /var/log/SecPath/info.log

c.

Edit the file /etc/syslog.conf and add the following contents.

# SecPath configuration messages

local4.info /var/log/SecPath/info.log

In the above configuration, local4 is the name of the logging facility used by the log host to receive

logs. info is the information level. The UNIX system will record the log information with severity

level equal to or higher than information to file /var/log/SecPath/info.log.

NOTE:

Be aware of the following issues while editing the file /etc/syslog.conf:

Comments must be on a separate line and must begin with a pound (#) sign.

No redundant spaces are allowed after the file name.

The logging facility name and the information level specified in the /etc/syslog.conf file must be
identical to those configured on the SecPath using the info-center loghost and info-center source

commands. Otherwise the log information might not be output properly to the log host.

d.

Display the process ID of syslogd, kill the syslogd process and then restart syslogd using the –r
option to make the modified configuration take effect.

# ps -ae | grep syslogd

147

# kill -HUP 147

# syslogd -r &