Home » HP Manuals » Storage Devices » HP XP20000/XP24000 » Manual Viewer

HP XP20000/XP24000 HP StorageWorks XP24000/XP20000 Audit Log Reference Guide ( - Page 17

Storing Audit Logs, Set Syslog Server Operation

View all HP XP20000/XP24000 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

10. Confirm that the syslog server is receiving the log of syslog server setting when the setting operation is completed. AuditLog is the function name of the log and Set Syslog Server is the operation name (see "Set Syslog Server Operation" (page 45)). If the log is not received by the syslog server, verify that the IP address and the port number set matches with the IP address and the port number of the syslog server. If the IP address and the port number matches, check the syslog server setting. See the users manual of the syslog server for more details on syslog server settings. Figure 2 Syslog Window Storing Audit Logs To store audit logs, you can either to temporarily store audit logs in a system disk before storing the logs in the SVP, or store audit logs directly in the SVP. To keep track of commands sent from hosts, HP recommends that you temporarily store audit logs in a system disk before storing the logs in the SVP. Audit logs are transferred and stored in the SVP. However, audit logs might get lost if the SVP is not working due to a failure, because the SVP cannot receive the transferred audit logs. You can temporarily store logs in a system disk so that you can reduce the risk of losing audit logs. The audit logs stored in the system disk will be eventually stored in the SVP. Only the storage administrator can configure how to store audit logs, and the Audit Log Administrator Role needs to be set to Modify. Make sure that the storage administrator has created a system disk to store audit logs temporarily before storing the logs in the SVP. To configure how to store audit logs: 1. Log on as a storage administrator and open the Remote Web Console main window. 2. Change to Modify mode. 3. Click Go - Security - Audit Log Setting in the menu bar of the Remote Web Console main window. The Audit Log Setting window (see Figure 3 (page 18)) displays. Storing Audit Logs 17

Section	Page
XP24000/XP20000 Audit Log User and Reference Guide	1
Contents	3
1 Introduction	12
Purpose of Audit Logs	12
Download the Audit Log Information Files to the Remote Web Console Computer	13
Download the Syslog Information File to the Remote Web Console Computer	13
Transferring the Audit Log Information File to the FTP Server	13
Transferring the Audit Log Files to Syslog Servers	15
Storing Audit Logs	17
Audit Log File Description	18
2 Audit Log File Format	20
Audit Log Information File	20
Syslog Information File	22
Syslog Information File Monitoring Threshold	26
3 Information Output in the Audit Log Information File	27
Operation of Remote Web Console and SVP	27
Receiving Command from the Host	36
DKA Encryption License Key Operation	36
PIN Deletion Tool Operation	36
Audit Log Reproduced Output	37
Audit Log Lost Output	37
4 Sample Audit Logs of Remote Web Console PC and SVP Operations	38
5 Account Function	39
Set User Account Operation	39
Set Login Message Operation	41
6 Audit Log Function	43
Audit Log Buffer	43
Create File	43
DKCAuditLog was lost	43
Over MaxLine Event	44
Over Threshold Event	44
Set FTP Server Operation	44
Set Syslog Server Operation	45
SIM Complete Operation	46
7 BASE Function	47
Certificate Update Operation	47
Control Panel Backup Operation	47
Control Panel Restore Operation	48
Delete CVAE Info Operation	48
Environment Setting Operation	49
Login Operation	49
Logout Operation	50
Release HTTP Block Operation	50
Set CVAE Info Operation	51
Set System Info Operation	51
Set Up HTTP Block Operation	52
Storage Device Add Operation	52
Storage Device Del Operation	53
Storage Device Edit Operation	54
8 XP Business Copy Software Function	55
Change Reserve Operation	55
Initialize Operation	55
Option Operation	55
Pair Create Operation	56
Pairresync Operation	57
Pairsplit Operation	57
Pairsplit-E Operation	58
Pairsplit-S Operation	58
9 Cache Function	60
DCR Prestaging Operation	60
Delete Cache Residency Manager for z/OS (M/F DCR) Operation	60
Delete Open Cache Residency Manager (Open DCR) Operation	60
Set Cache Residency Manager for z/OS (M/F DCR) Operation	61
Set Open Cache Residency Manager (DCR) Operation	62
10 CFL Function	63
LUNM Operation	63
VRM Operation	63
11 CFL Extension Function	64
CflSet Start Operation	64
CflSet End Operation	64
12 XP Continuous Access Software Function	65
Add CTG Operation	65
Change Async Option Operation	65
Change CTG Option Operation	66
Change Option Operation	66
Change Pair Option Operation	67
Delete CTG Operation	68
Function Switch Operation	68
Paircreate Operation	69
Pairresync Operation	70
Pairsplit-r Operation	71
Pairsplit-S Operation	72
13 XP Continuous Access Journal Software Function	74
Journal-Option Operation	74
Journal-Vol Operation (Add Parameter)	75
Journal-Vol Operation (Group-Delete Parameter)	76
Paircreate Operation	76
Pairresync Operation	77
Pairsplit-r Operation	78
Pairsplit-S Operation	79
Pair-Option Operation	80
R-Cmd. Dev. Operation	81
System-Option Operation	82
14 XP for CPAV Software Function	83
Add Alias Operation	83
Delete Alias Operation	83
15 Data Retention Utility Function	85
Attribute Operation	85
Expiration-Lock Operation	85
16 XP Disk/Cache Partition Function	87
Set Operation	87
17 Email Info Function	89
MailAddress Write Operation	89
Valid Flag Update Operation	89
18 XP External Storage Access Manager function	91
Add Quorum Disk ID Operation	91
Del Quorum Disk ID Operation	91
Paircreate Operation	92
Pairresync Operation	93
Pairsplit-r Operation	93
Pairsplit-S Operation	94
19 XP External Storage Software Function	96
AddVolume(FIBRE) Operation	96
BlockPaths(FIBRE) Operation	97
Change-CacheMode Operation	98
ChangePaths(FIBRE) Operation	98
CheckPaths(FIBRE) Operation	99
ChkPath-RestoreVol Operation	100
DeleteVolume(FIBRE) Operation	100
Disconnect-Volume Operation	101
DividePathGroup Operation	102
Inflow-Control Operation	102
UnitePathGroup Operation	103
WwnTimer Operation	104
20 FC Function	105
Set SCP Time Operation	105
21 Information Function	106
Delete Log Operation	106
ORM Value Operation	106
SIM Complete Operation	107
SIM Reporting Option Operation	108
Threshold Value Operation	109
22 Install Function	111
Add Host Group Operation	111
Add LU Path Operation	111
Add WWN Operation	112
All Config Operation	112
Assist Config Operation	113
Backup Config Operation	113
Change Host Group Operation	114
Change WWN Operation	114
Cache Residency Manager (DCR) Prestaging Operation	115
Define Config. Operation	115
Delete Disk Controller (DKC) WWN Operation	115
Delete Host Group Operation	116
Delete LU Path Operation	116
Delete WWN Operation	117
Disk Unit (DKU) Emulation Operation	117
Force Reset Operation	118
Format Operation	118
Format Stop Operation	119
Initialize ORM Value Operation	119
Install Operation	120
Install CV Operation	125
Machine Install Date Operation	126
Make LUSE Operation	126
Make Vol./Vol. Init Operation	127
Micro Program Operation	128
MP Install Operation	129
M/F DCR (Cache Residency Manager for z/OS) Operation	129
New Installation Operation	130
Open DCR (Cache Residency Manager) Operation	130
Patch Edit Operation	131
Release LUSE Operation	132
Restore Config. Operation	132
Set Battery Life Operation	133
Set Channel Speed Operation	134
Set Command Device (CommandDev) Operation	134
Set Command Device Security (CommandDevSec) Operation	135
Set Encryption Key Operation	135
Set Fibre Address Operation	135
Set Fibre Topology Operation	136
Set Host Mode Operation	136
Set IP Address Operation	137
Set Security Switch Operation	138
Set Speed Mode Operation	139
Set Subsystem Time Operation	139
System Option Operation	140
System Tuning Operation	142
Uninstall Operation	143
Update Config Operation	147
Volume to Space Operation	147
23 LDEV Function	149
Volume-Blockade Operation	149
Volume-Format Operation	149
Volume-Format(H) Operation	150
Volume-Format(Q) Operation	150
Volume-Restore(N) Operation	151
24 LUNM Function	152
Add Host Group Operation	152
Add Logical Unit (LU) Path Operation	152
Add World Wide Name (WWN) Operation	153
Change Host Group Operation	153
Change WWN Operation	154
Delete Disk Controller (DKC) World Wide Name (WWN) Operation	154
Delete Host Group Operation	155
Delete Logical Unit (LU) Path Operation	155
Delete World Wide Name (WWN) Operation	156
Set Channel Speed Operation	156
Set Command Device (CommandDev) Operation	157
Set Command Device Security (CommandDev Sec) Operation	157
Set Fibre-Channel Security Protocol (FCSP) Host Operation	158
Set Fibre-Channel Security Protocol (FCSP) Port Info Operation	158
Set Fibre-Channel Security Protocol (FCSP) Port Switch Operation	159
Set Fibre-Channel Security Protocol (FCSP) Target Operation	160
Set Fibre Address Operation	160
Set Fibre Topology Operation	162
Set Host Mode Operation	162
Set Security Switch Operation	164
Set Speed Mode Operation	165
Set UUID Operation	165
25 LUSE Function	167
Make LUSE Operation	167
Release LUSE Operation	167
26 Maintenance Function	168
Blockade Operation	168
Correction Copy Operation	168
Drive Interrupt Operation	169
Format Operation	169
Format Stop Operation	170
Pre Quick Format Stop Operation	170
Quick Format Operation	171
Recover Operation	172
Replace Operation	172
Restore Operation	173
Restore Data Operation	174
Size Change Operation	174
Spare Disk Operation	175
Switch SVP Operation	175
Transfer Config Operation	176
Type Change Operation	176
Verify Operation	177
Verify Stop Operation	177
27 OND Function	178
Release Cache/CLPR Operation	178
28 XP Performance Control (Perf Ctrl) Function	179
Change XP Performance Control Group (PerfCtrlGrp) Operation	179
Clear PPC Info Operation	179
Default Set Operation	179
XP Performance Control Group (PerfCtrlGrp) Delete/Change (Del/Chg) Operation	180
Set All Priority (Prio) Port Operation	181
Set All Priority (Prio) WWN Operation	181
Set Ctrl Kind Operation	182
Set Priority (Prio) Port Operation	182
Set Priority (Prio) WWN Operation	183
Update Port WWN Operation	184
Update XP Performance Control Group (PerfCtrlGrp) Operation	184
Update World Wide Name (WWN) Operation	185
29 Performance Monitor Function	187
Monitoring S/W Operation	187
Monitoring Switch (S/W) & CU Operation	187
30 PORT Function	188
Change Port Operation	188
31 Optional PP KEY Function	189
PP Apply Operation	189
PP Available Install Operation	189
PP Disable chk Operation	189
PP Enable chk Operation	190
PP Install chk Operation	190
PP Install File chk Operation	191
PP Uninstall chk Operation	191
SLPR PP Change Operation	192
32 RCU Function	193
Add Path Operation	193
Add RCU Operation	193
Change RCU Option Operation	194
Delete Path Operation	195
Delete RCU Operation	196
33 Volume Shredder Function	198
End Shredding Operation	198
Set Shredding Operation	198
Suspend Shredding Operation	199
34 SI for Mainframe Function	200
Add Pair Operation	200
Change Reserve Operation	200
CTG Operation	201
Delete Pair Operation	201
Initialize Operation	202
Option Operation	202
Resync Pair Operation	203
Split Pair Operation	204
Suspend Pair Operation	204
35 XP Snapshot Function	206
Pairsplit-S Operation	206
36 SNMP Function	207
Set SNMP Agent Operation	207
37 TC for Mainframe Function	208
Add CTG Operation	208
Add Pair Operation	208
Change Async Option Operation	210
Change CTG Option Operation	210
Change Option Operation	211
Change Pair Option Operation	212
Clear SIM Operation	212
Delete Cmd.Dev Operation	213
Delete CTG Operation	213
Delete Pair Operation	213
Function Switch Operation	214
Resume Pair Operation	215
Script Operation	216
Suspend Pair Operation	216
38 UR for Mainframe Function	218
Add-Pair Operation	218
Clear-SIM Operation	219
Delete-Pair Operation	219
Edit-EXCTG (Extended Consistency Group) Operation	220
Journal-Option Operation	221
Journal-Vol Operation (with Add Parameter)	222
Journal-Vol Operation (with Group-Delete Parameter)	223
Pair-Option Operation	224
R-Cmd.Dev. Operation	224
Resume-Pair Operation	225
Suspend-Pair Operation	226
System-Option Operation	227
39 VLL Function	229
Install CV Operation	229
Make Volume Operation	230
Set SSID Operation	231
System Disk Options Operation	231
Volume Initialize Operation	232
Volume to Space Operation	233
40 XP Auto LUN Software Function	234
Create Auto Plan Operation	234
Del Auto Plan Log Operation	234
Delete Auto Plan Operation	234
Del Migration Log Operation	235
Set Auto Plan Param Operation	235
Set Class Threshold Operation	236
Set Fixed PG Operation	237
Set Migration Vol Operation	237
Set Plan Condition Operation	238
Set Reserved Vol Operation	239
41 VRM Function	240
Attribute Operation	240
VTOC Operation	240
42 VSEC Function	242
Set Group Operation	242
43 VVOL Function	244
Add V-Vol (Snapshot) Operation	244
Add V-Vol (THP) Operation	244
Asso V-VOL/Rel Pool Operation	245
Delete V-Vol (Snapshot) Operation	246
Delete V-Vol (THP) Operation	247
Emulation Operation	247
Pool Change/Delete Operation	248
Pool Optimize Operation	249
Pool Restore Operation	249
Pool SIM Comp Req Operation	249
Set Pool Operation	250
Set XRC Option Operation	251
44 Audit Log Information for the Commands Sent from the Host	252
FC-SP — Operation Name	252
M/F I/F — Interface Name	252
OPEN I/F — Interface Name	252
45 Audit Log Information about the Key Used for the Encryption License Key	254
Encryption (ENC) Function — Create Enc. Key Operation	254
Encryption (ENC) Function — Enc. Key Backup Operation	254
Encryption (ENC) Function — Enc. Key Restore Operation	254
Encryption (ENC) Function — PG Enc. Set Operation	255
Install Function — Set Encryption Key Operation	255
PINDeletion Function — Delete Operation	255
46 Support and Other Resources	257
Related Documentation	257
Conventions for Storage Capacity Values	257
HP Technical Support	257
Subscription Service	258
HP Websites	258
Documentation Feedback	258
A Audit Log Information File Output by Function	259
B SVP Operations Output to the Audit Log File	273
C CFL Extension Operations Output to the Audit Log Information File	276

Match case Limit results 1 per page

10. Confirm that the syslog server is receiving the log of syslog server setting when the setting

operation is completed. AuditLog is the function name of the log and Set Syslog Server is the

operation name (see

“Set Syslog Server Operation” (page 45)

If the log is not received by the syslog server, verify that the IP address and the port number

set matches with the IP address and the port number of the syslog server. If the IP address and

the port number matches, check the syslog server setting. See the users manual of the syslog

server for more details on syslog server settings.

Figure 2 Syslog Window

Storing Audit Logs

To store audit logs, you can either to temporarily store audit logs in a system disk before storing

the logs in the SVP, or store audit logs directly in the SVP. To keep track of commands sent from

hosts, HP recommends that you temporarily store audit logs in a system disk before storing the logs

in the SVP.

Audit logs are transferred and stored in the SVP. However, audit logs might get lost if the SVP is

not working due to a failure, because the SVP cannot receive the transferred audit logs. You can

temporarily store logs in a system disk so that you can reduce the risk of losing audit logs. The

audit logs stored in the system disk will be eventually stored in the SVP.

Only the storage administrator can configure how to store audit logs, and the

Audit Log

Administrator Role

needs to be set to

Modify

. Make sure that the storage administrator has created

a system disk to store audit logs temporarily before storing the logs in the SVP.

To configure how to store audit logs:

Log on as a storage administrator and open the Remote Web Console main window.

Change to

Modify

mode.

Click

Go – Security – Audit Log Setting

in the menu bar of the Remote Web Console main

window. The Audit Log Setting window (see

Figure 3 (page 18)

) displays.

Storing Audit Logs