Managing security logs, Managing authentication violation logs, Managing authentication – H3C Technologies H3C Intelligent Management Center User Manual
Managing security logs
Security logs record the security events that occur when a user is authenticated or accesses the Internet.
Operators can analyze security logs to identify security risks in the network and to enhance network
security. Security logs appear in the navigation tree only when the EAD component is installed. For more
information about security logs, see HP IMC EAD Security Policy Administrator Guide.
Managing authentication violation logs
In access policies, you can set the monitor mode or offline mode for the following detection items:
• Setting up proxy servers
• Setting IE proxy
• Using multiple NICs
• Using multiple operation systems
• Configuring multiple IP addresses on a single NIC
• Modifying MAC addresses
• Configuring duplicate MAC addresses
• Using the VMware NAT service
• Using the VMware USB service
• Running the iNode client on a virtual machine
• Obtaining IP addresses through unauthorized DHCP servers
If you set the monitor mode for detection items, the iNode client reports the violations for UAM to
generate authentication violation logs.
If you set the offline mode for detection items, the iNode client immediately closes the network connection
once a violation is detected.
UAM clears outdated authentication violation logs every day for higher database performance. The
retention time of the authentication violation logs is determined by the service parameter Log Lifetime. For
more information about the service parameter, see "32 Configuring global system settings."
For more information about access policies, see "."
Accessing the authentication violation log list page
1. Click the User tab.
2. Select User Access Log > Authentication Violation Log from the navigation tree.
   The authentication violation log list displays all authentication violation logs.
Authentication violation log list contents
• Account Name—Access account name that is used when the authentication violation occurs.
• Login Name—Login username of the account that is used when the authentication violation occurs.
• User IP Address—IPv4 address of the violating user.
• User MAC Address—MAC address of the violating user.
• User IPv6 Address—IPv6 address of the violating user.
• Violation Time—Time when the iNode client detects the violation.
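
The following is an added example, not part of the H3C manual or of IMC: a way to triage authentication violation log rows offline, flagging MAC addresses reported under more than one access account and accounts with repeated violations in a short period. It assumes the log has been saved as CSV with columns named after the list fields above and timestamps in the format shown; the CSV layout, function names, threshold, and sample rows are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: assumed CSV layout whose columns mirror the list fields.
SAMPLE_CSV = """Account Name,Login Name,User IP Address,User MAC Address,User IPv6 Address,Violation Time
alice,alice@corp,10.1.1.20,00-11-22-33-44-55,,2024-03-01 09:00:00
alice,alice@corp,10.1.1.20,00:11:22:33:44:55,,2024-03-01 09:20:00
alice,alice@corp,10.1.1.21,0011-2233-4455,,2024-03-01 09:45:00
bob,bob@corp,10.1.1.30,00-11-22-33-44-55,,2024-03-01 10:00:00
carol,carol@corp,10.1.2.8,66-77-88-99-AA-BB,2001:db8::8,2024-03-02 14:00:00
"""

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return digits if len(digits) == 12 else None

def load_rows(text, time_format="%Y-%m-%d %H:%M:%S"):
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rec["mac"] = normalize_mac(rec["User MAC Address"])
        rec["time"] = datetime.strptime(rec["Violation Time"], time_format)
        rows.append(rec)
    return rows

def shared_macs(rows):
    """MACs reported under more than one access account."""
    accounts = defaultdict(set)
    for r in rows:
        if r["mac"]:
            accounts[r["mac"]].add(r["Account Name"])
    return {m: sorted(a) for m, a in accounts.items() if len(a) > 1}

def repeat_violators(rows, threshold=3, window=timedelta(hours=1)):
    """Accounts with at least `threshold` violations inside any `window`."""
    times = defaultdict(list)
    for r in rows:
        times[r["Account Name"]].append(r["time"])
    def bursty(ts):
        ts = sorted(ts)
        return any(ts[i + threshold - 1] - ts[i] <= window
                   for i in range(len(ts) - threshold + 1))
    return sorted(a for a, ts in times.items() if bursty(ts))

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    print(shared_macs(rows), repeat_violators(rows))
```

MAC addresses are normalized before comparison because the same address can be written with hyphens, colons, or in dotted groups; without that step the shared-MAC check would miss matches.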