Fibre Channel (SAN)

Reply
Contributor
Posts: 22
Registered: ‎02-24-2014

Audit log missing critical information

I've got audit logging enabled on a switch and it's set to the most aggressive level possible: 

 

admin> auditcfg --show
Audit filter is enabled.
1-ZONE
2-SECURITY
3-CONFIGURATION
4-FIRMWARE
5-FABRIC
Severity level: INFO

 

When I look at the syslog events file I'm sending this to, I can see a lot of good things, but it's missing some critical stuff. On the top of my list is that while it will show who applied a new zoning config, it doesn't provide any information about what they changed. Is there a way to include that somehow? We need to track changes made by CLI as well as through the GUI.

 

Second is that portdisable commands are not logged. Of all the commands to not include in an audit log, this is a strange choice...

Regular Contributor
Posts: 164
Registered: ‎05-11-2011

Re: Audit log missing critical information

Hi,

 

which FOS Version you are using?

Please look with auditdump -s if the Information is there.

We can see everything you want in the BNA Masterlog and auditdump.

 

 

Kind Regards
Ralf

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.