HP StorageWorks 4/256 Brocade Error Message Reference Guide v6.0.0 (53-1000600 - Page 54
Event Auditing, Overview of System Messages
View all HP StorageWorks 4/256 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 54 highlights
1 Overview of System Messages • Messages are numbered sequentially from 1 to 2,147,483,647 (0x7ffffff). The sequence number will continue to increase beyond the storage limit of 1024 messages. The sequence number can be reset to 1 using the errClear command. The sequence number is persistent across power cycles and switch reboots. • By default, the errDump and errShow commands display all of the system error messages. • Trace dump, first-time failure detection capture (FFDC), and core dump files can be uploaded to the FTP server using the supportSave command. • It is recommended to configure the syslogd facility as a management tool for error logs. This is particularly important for dual-domain switches, as the syslogd facility saves messages from two logical switches as a single file and in sequential order. See "System Logging Daemon (syslogd)" on page 3 for more information. EVENT AUDITING Event auditing is designed to support post-event audtis and problem determination based on high-frequency events of certain types such as security violations, zoning configuration changes, firmware downloads, and certain types of fabric events. Pre-Fabric OS v5.2.0 generated a subset of messages flagged as AUDIT in the RASLog to identify some of this type of output in addition to error log messages. In Fabric OS v5.2.0 and later, messages flagged as AUDIT are no longer saved in the switch's error logs. Instead, the switch can be configured to stream Audit messages to the switch console and to forward the messages to specified syslog server(s). There is no limit to the number of audit events. For any given event, AUDIT messages capture the following information: • User Name: The name of the user who triggered the action. • User Role: for example, root or admin. • Event Name: The name of the event that occurred. • Status: The status of the event that occurred: success or failure. • Event Info: Information about the event. The following five event classes can be audited: TABLE 1 Operand Event Class Description 1 Zone You can audit zone event configuration changes, but not the actual values that were changed. For example, you may receive a message that states "Zone configuration has changed," but the message does not display the actual values that were changed. 2 Security Security: You can audit any user-initiated security event for all management interfaces. For events that have an impact on the entire fabric, an audit is only generated for the switch from which the event was initiated. 3 Configuration Configuration: You can audit configuration downloads of existing SNMP configuration parameters. Configuration uploads are not audited. 4 Firmware You can audit configuration downloads of existing SNMP configuration parameters. Configuration uploads are not audited. 5 Fabric You can audit Administration Domain related changes. 2 Fabric OS Message Reference 53-1000600-01