Saving security logs into the security log file – H3C Technologies H3C SecBlade LB Cards User Manual

22

A security log administrator is a local user who is authorized by AAA as the security log administrator.

You can authorize a security log administrator by executing the authorization-attribute user-role
security-audit command in local user view.
The system administrator cannot view, copy, or rename the security log file. If they try, the system displays

an "%Execution error" message. The system administrator can view, copy and rename other types of

files.
For more information about local user and AAA local authentication, see Security Configuration Guide.

Saving security logs into the security log file

If this feature is enabled, the system first outputs security logs to the security log file buffer, and then saves
the logs in the security log file buffer into the security log file at a specified interval (the security log

administrator can also manually save security logs into the log file). After the logs are saved, the buffer

is cleared immediately.
The size of the security log file is limited. If the maximum size is reached, the system deletes the oldest log
and writes the new log into the security log file. To avoid losing security logs, you can set an alarm

threshold. When the alarm threshold is reached, the system outputs a message to inform the

administrator. The administrator can log in to the device as the security log administrator and back up the

security log file.
By default, security logs are not saved into the security log file. The parameters, such as the saving

interval, the maximum size, and the alarm threshold, have default settings. To modify these parameters,

log in to the device as the system administrator, and then follow the steps in the following table to

configure the related parameters:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable the information center. info-center enable

Optional.
Enabled by default.

3.

Enable the saving of the
security logs into the security

log file.

info-center security-logfile enable

Disabled by default.

4.

Set the interval for saving
security logs to the security log

file.

info-center security-logfile
frequency freq-sec

Optional.
The default saving interval is 600
seconds.

5.

Set the maximum size of the
security log file.

info-center security-logfile
size-quota size

Optional.
The default setting is 1 MB.

6.

Set the alarm threshold of the
security log file usage.

info-center security-logfile
alarm-threshold usage

Optional.
80 by default. That is, when the

usage of the security log file
reaches 80%, the system informs

the user.