The audit log contains a record of all TOE administrative activities. The stored audit records in the audit trail are protected from unauthorized modifications and deletion. For more information about the audit log, see Using the Audit Log.
Following are the events that are logged and examples of their corresponding audit log messages:

NIOS Administrator Guide (Rev. A), NIOS 8.1 (page 1858, Audit Log)

Identification and Authentication

*Event:* Invalid password when logging in to the WebUI.
*Message:* "2011-10-19 14:02:32.750Z \[admin\]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=invalid\040login\040or\040password"
\\
*Event:* Number of attempts exceeds the limit when logging in to the WebUI.
*Message:* "2011-10-19 14:05:23.217Z \[admin\]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit"
\\
*Event:* Invalid password when logging in to the CLI.
*Message:* "2011-10-19 14:02:32.750Z \[admin\]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=invalid\040login\040or\040password"
\\
*Event:* Number of attempts exceeds the limit when logging in to the CLI.
*Message:* "2011-10-19 14:05:23.217Z \[admin\]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit"
\\
*Event:* Enable Common Criteria mode:
*Message:* 2011-10-19 19:48:37.299Z \[admin\]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
*Message:* 2011-10-19 19:48:48.705Z \[admin\]: Called - set_cc_mode: Args cc_mode_enabled="true"
\\
*Event:* Disable Common Criteria mode:
*Message:* 2011-10-19 19:48:37.299Z \[admin\]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
*Message:* 2011-10-19 19:48:48.705Z \[admin\]: Called - set_cc_mode: Args cc_mode_enabled="false"
\\
*Event:* Login successful
*Message:* 2011-10-19 19:48:48.706Z \[USER\040admin\]: rebooted the system
*Message:* 2011-11-01 17:09:21.696Z \[admin\]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
\\
*Event:* First login
*Message:* 2011-10-19 12:43:47.375Z \[user\]: First_Login - - to=AdminConnector ip=127.0.0.1 auth=LOCAL group=admin-group apparently_via=GUI first login
\\
*Event:* Password expired
*Message:* 2011-10-20 13:17:29.257Z \[user\]: Password_Expired - - to=AdminConnector ip=127.0.0.1 auth=LOCAL group=admin-group    apparently_via=GUI
\\
*Event:* Password was successfully reset.
*Message:* 2011-10-19 12:44:45.962Z \[user\]: Password_Reset - - to=AdminConnector auth=LOCAL group=admin-group    apparently_via=GUI
\\
*Event:* New password did not conform to the rule.
*Message:* 2011-10-19 13:07:33.343Z \[user\]: Password_Reset_Error - - to=AdminConnector auth=LOCAL group=admin-group    apparently_via=GUI
\\
*Quotas*
*Event:* Upload file limit reached.
*Message:* user manojk-vm httpd\[\]: err User \{0\} tried to upload the file. File \{1\} with size 272629904 kBytes is greater than maximum size allowed. Maximum size is 102400 kBytes.
*LDAP*
*Event:* Establishment of session
*Message:* 2011-10-27T07:50:59-04:00 user epbyminw0065t2 python\[\]: notice Connection established:success
*Event:* Failure to establish a session
*Message:* 2011-10-27T07:50:38-04:00 user epbyminw0065t2 python\[\]: err 10.6.11.249: AD user authentication timed out
*Message:* 2011-10-27T07:51:02-04:00 user epbyminw0065t2 python\[\]: err Connection timed out
*Event:* Crypto failure (the type and name of the crypto algorithm that failed cannot be logged, because OpenLDAP uses the SSL/TLS protocol functions of OpenSSL and does not call crypto functions directly.)
*Message:* 2011-10-27T07:51:00-04:00 user epbyminw0065t2 python\[\]: err SSL handshake failed.
*Message:* 2011-10-27T07:51:02-04:00 user epbyminw0065t2 python\[\]: err SSL handshake failed. Cannot verify server certificate.
*GSS-TSIG*
*Event:* Invalid size specified for algorithm HMAC-SHA256
*Message:* 2011-10-19T17:57:12-04:00 user EPBYMINW2856 httpd\[\]: err TSIG key generation failure: Size 512 can not be used with algorithm HMAC-SHA256
*Event:* Invalid algorithm specified in Common Criteria mode
*Message:* 2011-10-19T18:12:22-04:00 user EPBYMINW2856 httpd\[\]: err TSIG key (keylen = 256, algname = HMAC-MD5) generation error : Only HMAC-SHA256 available in CC mode.
*Event:* Algorithm restriction
*Message:* Only AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 algorithms are allowed in CC mode. Current algorithm is DES_CBC_CRC.
*TSIG CSV Import/Export*
*Event:* Import error (TSIG algorithm is not allowed in Common Criteria mode)
*Message:* \[2011/10/20 09:38:42.496\] (24473 /usr/bin/python) /infoblox/common/lib/python/infoblox/one/csv_import_function.py:601 write_to_error_file(): Import Error:
authzone,zone.com,FORWARD,,,,,,,False,False,False,,1.2.3.4/1.2.3.4/False/False/True/ext_sec_key/ut29ROLaJwty 6a%2Fhsgg0wA==,infoblox.localdomain,False,,,,,,,,,,,,,2,,default,Authoritative-Line 2: Insertion aborted due to IBDataError?: IB.Data:TSIG algorithm used for TSIG key name 'ext_sec_key' is not allowed in CC mode.
*"set" commands*
*Message:* 2011-10-19 13:14:04.030Z \[admin\]: Called - set_snmptrap: Args variable="sysName.0", address="10.120.20.31"
*Message:* 2011-10-19 13:16:16.545Z \[admin\]: Called - set_scheduled: Args task_restarts="0 from 60"
*Message:* 2011-10-19 13:17:19.391Z \[admin\]: Called - set_mld_version_1: MLD version set to 1
*Message:* 2011-10-19 13:18:28.171Z \[admin\]: Called - set_support_access: Args support_access="true from false"
*Message:* 2011-10-19 13:19:46.669Z \[admin\]: Called - set_session_timeout: Args session_timeout="650 from 600"
*Message:* 2011-10-19 13:23:11.596Z \[admin\]: Called - set_phonehome: Args phonehome_disabled="true from false"
*Message:* 2011-10-19 13:24:02.372Z \[admin\]: Called - set_remote_console: Args remote_console="true from false"
*Message:* 2011-10-19 13:25:31.704Z \[admin\]: Called - set_security: Args address="10.120.20.31",netmask="255.255.255.0"
\\
*Message:* 2011-10-19 13:26:12.673Z \[admin\]: Called - set_safemode
*Message:* 2011-10-19 13:28:12.302Z \[admin\]: Called - set_prompt: Args prompt=ip
*Message:* 2011-10-19 13:30:22.221Z \[admin\]: Called - set BGP: Args log_level="debugging"
*Message:* 2011-10-19 13:31:20.142Z \[admin\]: Called - set OSPF: Args log_level="informational"
*Message:* 2011-10-19 13:32:10.319Z \[admin\]: Called - set_nosafemode
*Message:* 2011-10-19 13:38:42.998Z \[admin\]: Called - set_network: Args ip_address="10.120.20.34 from 10.120.20.31",netmask="255.255.255.0 from 255.255.255.0",gateway_address="10.120.20.1 from 10.120.20.1"
*Message:* 2011-10-19 13:41:56.178Z \[admin\]: Called - set_ip_rate_limit: Args ip_rate_limit="on from off"
*Message:* 2011-10-19 13:43:42.828Z \[admin\]: Called - set_monitor_dns_alert: Args dns_alert="on from off"
*Message:* 2011-10-19 13:46:34.647Z \[admin\]: updated physical node 0
*Message:* 2011-10-19 13:46:34.648Z \[admin\]: Called - set_interface: Args interface="LAN", speed="100M", duplex="half"
*Message:* 2011-10-19 13:48:03.066Z \[admin\]: Called - set_dns: Args dns="flush all "
*Message:* 2011-10-19 13:49:35.527Z \[admin\]: Called - set_debug: Args all="on from off"
*Message:* 2011-10-19 09:53:53.595Z \[admin\]: Called - set_ibtrap: Args ibtrap="DNS", snmp="true", email="true"
*Message:* 2011-10-19 09:57:00.747Z \[admin\]: Called - set_thresholdtrap: Args thresholdtrap="CpuUsage", trigger="60", reset="50"
*Message:* 2011-10-19 10:32:50.183Z \[admin\]: Called - set_maintenancemode: Args maintenancemode="on from off"
*Message:* 2011-10-19 14:05:20.132Z \[admin\]: Called - set_dhcp_expert_mode: Args dhcp_expert_mode="true from false"
*Message:* 2011-10-19 14:07:02.082Z \[admin\]: Called - set_dhcp_release_delay: Args delay_time=40 secs
*Message:* 2011-10-19 14:09:24.285Z \[admin\]: Called - set_gsstsig_key_expiration_time: Args gsstsig_key_expiration_time="3000 from 3600"
*Message:* 2011-10-19 14:10:19.906Z \[admin\]: Called - set_named_worker_threads: Args named_worker_threads="20 from 0"
*Message:* 2011-10-19 14:11:04.731Z \[admin\]: Called set_recursion_log_interval: Args recursion_log_interval="60"
*Message:* 2011-10-19 14:14:12.170Z \[admin\]: Called - set_partial_replication: Args partial_replication="off from on"
*Message:* 2011-10-19 14:15:33.978Z \[admin\]: Called - set_rep_queue_ixfr_limit: Args rep_queue_ixfr_limit="60 from 1000"
*Message:* 2011-10-19 14:16:16.797Z \[admin\]: Called - set_watchdog: Args watchdog_enabled="true from false"
*Message:* 2011-10-19 14:17:14.605Z \[admin\]: Called - set_fsck
*Message:* 2011-10-19 14:19:25.282Z \[admin\]: Called - set_host_consistency_check: Args host_consistency_check="on from off"
*Message:* 2011-10-19 14:21:00.202Z \[admin\]: Called - set_internal_apache_http_port: Args internal_apache_http_port="2000 from 9000"
*Message:* 2011-10-19 14:22:18.682Z \[admin\]: Called - set_internal_jetty_http_port: Args internal_apache_http_port="6060 from 8080"
*Message:* 2011-10-19 14:25:58.704Z \[admin\]: Called - set_always_ret_nxdomain_for_fmz_ptr: Args always_ret_nxdomain_for_fmz_ptr="true from false"
*Message:* 2011-10-19 14:28:18.046Z \[admin\]: Called - set_debug_tools: Args debug_tools="db_binary_dump"
*Message:* 2011-10-19 14:29:06.511Z \[admin\]: Called - set_dns_autogen: Args dns_auto_gen="check"
*Message:* 2011-10-19 14:30:54.628Z \[admin\]: Called - set_named_recv_sock_buf_size: Args udp_so_rcvbuf="122 from (null)"
\\
*CLI Top Level Commands*
*Message:* 2011-10-19 10:33:29.664Z \[admin\]: Called - delete_cores_all
*Message:* 2011-10-19 10:38:12.356Z \[admin\]: Called - delete_cores: Args filename="core.8295.gz"
*Message:* 2011-10-19 10:58:28.064Z \[admin\]: Called - delete_backup_all
*Message:* 2011-10-19 11:00:17.917Z \[admin\]: Called - delete_backup: Args filename="BACKUP_6.bkp"
*Message:* 2011-10-19 12:41:47.707Z \[admin\]: Called - rotate_log: Args log="syslog"
*Message:* 2011-10-19 12:58:11.738Z \[admin\]: Called - rotate_log: Args log="audit"
*Message:* 2011-10-19 12:58:11.738Z \[USER\040admin\]: rotated the previous audit log to audit.log.0.gz
*Message:* 2011-10-19 13:51:36.982Z \[admin\]: Called - reset_database
*Message:* 2011-10-19 13:54:14.023Z \[admin\]: Called - debug_webui_restart
*Message:* 2011-10-19 13:57:39.407Z \[USER\040admin\]: rebooted the system
*Message:* 2011-10-19 14:03:41.124Z \[admin\]: Called - delete_file: Args groupname="bloxtools", filename="/storage/web-portal/udata/logs/access.log"
*CLI Emergency Commands*
*Message:* 2011-10-19 14:32:31.927Z \[Emergency\040User\]: Called - set_safemode
*Message:* 2011-10-19 14:33:23.591Z \[Emergency\040User\]: Called - set_nosafemode
*Message:* 2011-10-19 14:33:41.286Z \[Emergency\040User\]: Called set_repsafe_mode: Args repsafe_mode = on
*Message:* 2011-10-19 14:34:47.321Z \[Emergency\040User\]: Called - set_weak
*Message:* 2011-10-19 14:35:25.969Z \[Emergency\040User\]: Called - set_fsck
*Message:* 2011-10-19 14:35:46.604Z \[Emergency\040User\]: Called - set_watchdog: Args watchdog_enabled="true from true"
*Message:* 2011-10-19 14:41:13.727Z \[Emergency\040User\]: Called - reset_database
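The parser below is added here as an illustration and is not part of NIOS or of this guide. It reads audit records in the format shown on this page (timestamp, the actor in square brackets, then either an authentication action followed by "- -" and key=value fields, or "Called - command: Args ..." for CLI commands), decodes the \040 space escapes, and flags the records a reviewer would want to see: lockouts, Common Criteria mode being disabled, and emergency commands. The sample lines are constructed from the examples above.

```python
import re

# Sample records constructed from the examples on this page (not captured from a real appliance).
SAMPLE_LINES = [
    r'2011-10-19 14:05:23.217Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit',
    r'2011-10-19 19:48:37.299Z [admin]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group',
    r'2011-10-19 19:48:48.705Z [admin]: Called - set_cc_mode: Args cc_mode_enabled="false"',
    r'2011-10-19 14:32:31.927Z [Emergency\040User]: Called - set_safemode',
]

LINE_RE = re.compile(r'^(?P<ts>\S+ \S+Z) \[(?P<actor>[^\]]+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value with spaces"

def unescape(text):
    # The log writes spaces inside a field as the octal escape \040, so fields stay whitespace-delimited.
    return re.sub(r'\\(\d{3})', lambda m: chr(int(m.group(1), 8)), text)

def parse_line(line):
    """Return {'ts', 'actor', 'action', 'command', 'args'} for one record, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m['rest']
    if rest.startswith('Called'):
        # CLI form:  Called - set_cc_mode: Args cc_mode_enabled="false"
        cmd, _, argtext = rest[len('Called'):].lstrip(' -').partition(': Args ')
        action, command = 'Called', cmd.strip()
    else:
        # Authentication form:  Login_Denied - - to=... error=...   (free text falls through as the action)
        action, _, argtext = rest.partition(' - - ')
        command = None
    args = {k: unescape(v.strip('"')) for k, v in KV_RE.findall(argtext)}
    return {'ts': m['ts'], 'actor': unescape(m['actor']), 'action': action, 'command': command, 'args': args}

def review(ev):
    """Return a finding for records an operator should look at, else None."""
    if ev['action'] == 'Login_Denied' and 'exceed' in ev['args'].get('error', ''):
        return f"lockout threshold reached for {ev['actor']}"
    if ev['command'] == 'set_cc_mode' and ev['args'].get('cc_mode_enabled') == 'false':
        return f"Common Criteria mode disabled by {ev['actor']}"
    if ev['command'] in ('set_safemode', 'set_repsafe_mode', 'reset_database'):
        return f"emergency command {ev['command']} by {ev['actor']}"
    return None

def findings(lines=SAMPLE_LINES):
    events = [e for e in map(parse_line, lines) if e]
    return [(e['ts'], f) for e in events if (f := review(e))]
```

Records whose arguments are not written as key=value pairs (for example "repsafe_mode = on" above) parse with an empty args dictionary, so the command name is still available for review.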