HP StorageWorks 2/16V Brocade Fabric OS Message Reference Guide (53-1000242-01 - Page 56

1 Overview of System Messages • Messages are numbered sequentially from 1 to 2,147,483,647 (0x7ffffff). The sequence number will continue to increase beyond the storage limit of 1024 messages. The sequence number can be reset to 1 using the errClear command. The sequence number is persistent across power cycles and switch reboots. • By default, the errDump and errShow commands display all of the system messages. • You should configure the syslogd facility as a management tool for error logs. This is particularly important for dual-domain switches, as the syslogd facility saves messages from two CPs as a single file and in sequential order. See "System Logging Daemon (syslogd)" on page 1-2 for more information. Audit Messages Some RAS messages are enhanced to record additional information, for security purposes. They are flagged as Audit messages in the system message log. Therefore, some messages are both, RAS and Audit messages. The following messages are tagged as Audit messages: • Zone (ZONE-3001 to ZONE-3012): You can audit zone event configuration changes, but not the actual values that were changed. For example, you may receive a message that states "Zone configuration has changed," but the syslog does not display the actual values that were changed. • Security (SEC-3001 to SEC-3017 and SEC-3024 to SEC-3029): You can audit any user-initiated security event for all management interfaces. For events that have an impact on the entire fabric, an audit is only generated for the switch from which the event was initiated. • Configuration: You can audit configuration downloads of existing SNMP configuration parameters. Configuration uploads are not audited. • Firmware: You can audit firmware download start, firmware complete, and any errors encountered during a firmware download. • Fabric: You can audit Administration Domain related changes. Audit messages provide the following information: • User Name: The name of the user who triggered the action. • Role: The role of the user: for example, root or admin. • Event Name: The name of the event that occurred. • Status: The status of the event that occurred: success or failure. • Event Info: Information about the event. You must enable Audit messaging by configuring the syslogd to send the events to a configured remote host, using the syslogIpAdd-- command. You can set up filters to screen out particular classes of events using the auditCfg command (the classes include zone, security, configuration, firmware, and fabric). The defined set of Audit messages are sent to the configured, remote host in the Audit message format, so that they are easily distinguishable from other syslog events that might occur in the network. System Logging Daemon (syslogd) The system logging daemon (syslogd) is a process on UNIX, Linux, and some Windows systems that reads and logs messages as specified by the system administrator. 1-2 Fabric OS Message Reference Publication Number: 53-1000242-01