
The audit log contains a record of all TOE administrative activities. The audit records stored in the audit trail are protected from unauthorized modification and deletion. For more information about the audit log, see Using the Audit Log.
The following events are logged; each is listed with examples of its corresponding audit log messages:




NIOS Administrator Guide (Rev. A), NIOS 8.1
Audit Log

Identification and Authentication

Event: Invalid password when logging in to the WebUI.
Message: "2011-10-19 14:02:32.750Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=invalid\040login\040or\040password"
Event: Number of attempts exceeds the limit when logging in to the WebUI.
Message: "2011-10-19 14:05:23.217Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit"
Event: Invalid password when logging in to the CLI.
Message: "2011-10-19 14:02:32.750Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=invalid\040login\040or\040password"
Event: Number of attempts exceeds the limit when logging in to the CLI.
Message: "2011-10-19 14:05:23.217Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit"
Event: Enable Common Criteria mode:
Message: 2011-10-19 19:48:37.299Z [admin]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
Message: 2011-10-19 19:48:48.705Z [admin]: Called - set_cc_mode: Args cc_mode_enabled="true"
Event: Disable Common Criteria mode:
Message: 2011-10-19 19:48:37.299Z [admin]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
Message: 2011-10-19 19:48:48.705Z [admin]: Called - set_cc_mode: Args cc_mode_enabled="false"
Event: Login successful
Message: 2011-10-19 19:48:48.706Z [USER\040admin]: rebooted the system
Message: 2011-11-01 17:09:21.696Z [admin]: Login_Allowed - - to=Serial\040Console apparently_via=Direct auth=Local group=.admin-group
Event: First login
Message: 2011-10-19 12:43:47.375Z [user]: First_Login - - to=AdminConnector ip=127.0.0.1 auth=LOCAL group=admin-group apparently_via=GUI first login
Event: Password expired
Message: 2011-10-20 13:17:29.257Z [user]: Password_Expired - - to=AdminConnector ip=127.0.0.1 auth=LOCAL group=admin-group apparently_via=GUI
Event: Password was successfully reset.
Message: 2011-10-19 12:44:45.962Z [user]: Password_Reset - - to=AdminConnector auth=LOCAL group=admin-group apparently_via=GUI
Event: New password did not conform to the rule.
Message: 2011-10-19 13:07:33.343Z [user]: Password_Reset_Error - - to=AdminConnector auth=LOCAL group=admin-group apparently_via=GUI
Guidance Documentation Supplement
Quotas
Event: Upload file limit reached.
Message: user manojk-vm httpd[]: err User {0} tried to upload the file. File {1} with size 272629904 kBytes is greater than maximum size allowed. Maximum size is 102400 kBytes.
LDAP
Event: Establishment of session
Message: 2011-10-27T07:50:59-04:00 user epbyminw0065t2 python[]: notice Connection established:success
Event: Failure to establish a session
Message: 2011-10-27T07:50:38-04:00 user epbyminw0065t2 python[]: err 10.6.11.249: AD user authentication timed out
Message: 2011-10-27T07:51:02-04:00 user epbyminw0065t2 python[]: err Connection timed out
Event: Crypto Failure (The type and name of the crypto algorithm that failed cannot be logged, because OpenLDAP uses the SSL/TLS protocol functions from OpenSSL and does not use crypto functions directly.)
Message: 2011-10-27T07:51:00-04:00 user epbyminw0065t2 python[]: err SSL handshake failed.
Message: 2011-10-27T07:51:02-04:00 user epbyminw0065t2 python[]: err SSL handshake failed. Cannot verify server certificate.
GSS-TSIG
Event: Invalid size specified for algorithm HMAC-SHA256
Message: 2011-10-19T17:57:12-04:00 user EPBYMINW2856 httpd[]: err TSIG key generation failure: Size 512 can not be used with algorithm HMAC-SHA256
Event: Invalid algorithm specified in Common Criteria mode
Message: 2011-10-19T18:12:22-04:00 user EPBYMINW2856 httpd[]: err TSIG key (keylen = 256, algname = HMAC-MD5) generation error : Only HMAC-SHA256 available in CC mode.
Event: Algorithm restriction
Message: Only AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 algorithms are allowed in CC mode. Current algorithm is DES_CBC_CRC.
TSIG CSV Import/Export
Event: Import error (TSIG algorithm is not allowed in Common Criteria mode)
Message: [2011/10/20 09:38:42.496] (24473 /usr/bin/python)
/infoblox/common/lib/python/infoblox/one/csv_import_function.py:601 write_to_error_file(): Import Error:
authzone,zone.com,FORWARD,,,,,,,False,False,False,,1.2.3.4/1.2.3.4/False/False/True/ext_sec_key/ut29ROLaJwty 6a%2Fhsgg0wA==,infoblox.localdomain,False,,,,,,,,,,,,,2,,default,Authoritative-Line 2: Insertion aborted due to IBDataError?: IB.Data:TSIG algorithm used for TSIG key name 'ext_sec_key' is not allowed in CC mode.
"set" commands
Message: 2011-10-19 13:14:04.030Z [admin]: Called - set_snmptrap: Args variable="sysName.0", address="10.120.20.31"
Message: 2011-10-19 13:16:16.545Z [admin]: Called - set_scheduled: Args task_restarts="0 from 60"
Message: 2011-10-19 13:17:19.391Z [admin]: Called - set_mld_version_1: MLD version set to 1
Message: 2011-10-19 13:18:28.171Z [admin]: Called - set_support_access: Args support_access="true from false"
Message: 2011-10-19 13:19:46.669Z [admin]: Called - set_session_timeout: Args session_timeout="650 from 600"
Message: 2011-10-19 13:23:11.596Z [admin]: Called - set_phonehome: Args phonehome_disabled="true from false"
Message: 2011-10-19 13:24:02.372Z [admin]: Called - set_remote_console: Args remote_console="true from false"
Message: 2011-10-19 13:25:31.704Z [admin]: Called - set_security: Args address="10.120.20.31",netmask="255.255.255.0"
Message: 2011-10-19 13:26:12.673Z [admin]: Called - set_safemode
Message: 2011-10-19 13:28:12.302Z [admin]: Called - set_prompt: Args prompt=ip
Message: 2011-10-19 13:30:22.221Z [admin]: Called - set BGP: Args log_level="debugging"
Message: 2011-10-19 13:31:20.142Z [admin]: Called - set OSPF: Args log_level="informational"
Message: 2011-10-19 13:32:10.319Z [admin]: Called - set_nosafemode
Message: 2011-10-19 13:38:42.998Z [admin]: Called - set_network: Args ip_address="10.120.20.34 from 10.120.20.31",netmask="255.255.255.0 from 255.255.255.0",gateway_address="10.120.20.1 from 10.120.20.1"
Message: 2011-10-19 13:41:56.178Z [admin]: Called - set_ip_rate_limit: Args ip_rate_limit="on from off"
Message: 2011-10-19 13:43:42.828Z [admin]: Called - set_monitor_dns_alert: Args dns_alert="on from off"
Message: 2011-10-19 13:46:34.647Z [admin]: updated physical node 0
Message: 2011-10-19 13:46:34.648Z [admin]: Called - set_interface: Args interface="LAN", speed="100M", duplex="half"
Message: 2011-10-19 13:48:03.066Z [admin]: Called - set_dns: Args dns="flush all "
Message: 2011-10-19 13:49:35.527Z [admin]: Called - set_debug: Args all="on from off"
Message: 2011-10-19 09:53:53.595Z [admin]: Called - set_ibtrap: Args ibtrap="DNS", snmp="true", email="true"
Message: 2011-10-19 09:57:00.747Z [admin]: Called - set_thresholdtrap: Args thresholdtrap="CpuUsage", trigger="60", reset="50"
Message: 2011-10-19 10:32:50.183Z [admin]: Called - set_maintenancemode: Args maintenancemode="on from off"
Message: 2011-10-19 14:05:20.132Z [admin]: Called - set_dhcp_expert_mode: Args dhcp_expert_mode="true from false"
Message: 2011-10-19 14:07:02.082Z [admin]: Called - set_dhcp_release_delay: Args delay_time=40 secs
Message: 2011-10-19 14:09:24.285Z [admin]: Called - set_gsstsig_key_expiration_time: Args gsstsig_key_expiration_time="3000 from 3600"
Message: 2011-10-19 14:10:19.906Z [admin]: Called - set_named_worker_threads: Args named_worker_threads="20 from 0"
Message: 2011-10-19 14:11:04.731Z [admin]: Called set_recursion_log_interval: Args recursion_log_interval="60"
Message: 2011-10-19 14:14:12.170Z [admin]: Called - set_partial_replication: Args partial_replication="off from on"
Message: 2011-10-19 14:15:33.978Z [admin]: Called - set_rep_queue_ixfr_limit: Args rep_queue_ixfr_limit="60 from 1000"
Message: 2011-10-19 14:16:16.797Z [admin]: Called - set_watchdog: Args watchdog_enabled="true from false"
Message: 2011-10-19 14:17:14.605Z [admin]: Called - set_fsck
Message: 2011-10-19 14:19:25.282Z [admin]: Called - set_host_consistency_check: Args host_consistency_check="on from off"
Message: 2011-10-19 14:21:00.202Z [admin]: Called - set_internal_apache_http_port: Args internal_apache_http_port="2000 from 9000"
Message: 2011-10-19 14:22:18.682Z [admin]: Called - set_internal_jetty_http_port: Args internal_apache_http_port="6060 from 8080"
Message: 2011-10-19 14:25:58.704Z [admin]: Called - set_always_ret_nxdomain_for_fmz_ptr: Args always_ret_nxdomain_for_fmz_ptr="true from false"
Message: 2011-10-19 14:28:18.046Z [admin]: Called - set_debug_tools: Args debug_tools="db_binary_dump"
Message: 2011-10-19 14:29:06.511Z [admin]: Called - set_dns_autogen: Args dns_auto_gen="check"
Message: 2011-10-19 14:30:54.628Z [admin]: Called - set_named_recv_sock_buf_size: Args udp_so_rcvbuf="122 from (null)"
CLI Top Level Commands
Message: 2011-10-19 10:33:29.664Z [admin]: Called - delete_cores_all
Message: 2011-10-19 10:38:12.356Z [admin]: Called - delete_cores: Args filename="core.8295.gz"
Message: 2011-10-19 10:58:28.064Z [admin]: Called - delete_backup_all
Message: 2011-10-19 11:00:17.917Z [admin]: Called - delete_backup: Args filename="BACKUP_6.bkp"
Message: 2011-10-19 12:41:47.707Z [admin]: Called - rotate_log: Args log="syslog"
Message: 2011-10-19 12:58:11.738Z [admin]: Called - rotate_log: Args log="audit"
Message: 2011-10-19 12:58:11.738Z [USER\040admin]: rotated the previous audit log to audit.log.0.gz
Message: 2011-10-19 13:51:36.982Z [admin]: Called - reset_database
Message: 2011-10-19 13:54:14.023Z [admin]: Called - debug_webui_restart
Message: 2011-10-19 13:57:39.407Z [USER\040admin]: rebooted the system
Message: 2011-10-19 14:03:41.124Z [admin]: Called - delete_file: Args groupname="bloxtools", filename="/storage/web-portal/udata/logs/access.log"
CLI Emergency Commands
Message: 2011-10-19 14:32:31.927Z [Emergency\040User]: Called - set_safemode
Message: 2011-10-19 14:33:23.591Z [Emergency\040User]: Called - set_nosafemode
Message: 2011-10-19 14:33:41.286Z [Emergency\040User]: Called set_repsafe_mode: Args repsafe_mode = on
Message: 2011-10-19 14:34:47.321Z [Emergency\040User]: Called - set_weak
Message: 2011-10-19 14:35:25.969Z [Emergency\040User]: Called - set_fsck
Message: 2011-10-19 14:35:46.604Z [Emergency\040User]: Called - set_watchdog: Args watchdog_enabled="true from true"
Message: 2011-10-19 14:41:13.727Z [Emergency\040User]: Called - reset_database
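
The `[user]:` records listed above share one layout (timestamp, bracketed user with `\040` for spaces, then an event keyword or a `Called` command with `key="new from old"` arguments), so they can be parsed and screened mechanically. The following Python is an added example, not part of the NIOS guide or of Infoblox code; the function names and the review rules in `flag` are assumptions of this example, and the sample lines are copied from the messages above.

```python
import re

LINE_RE = re.compile(r'^(\S+ \S+Z) \[([^\]]+)\]: (.*)$')
CALL_RE = re.compile(r'^Called\s+(?:-\s+)?([^:]+?)(?::\s*(.*))?$')
ARG_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\S+)')

def unescape(text):  # decode octal escapes such as \040 (space)
    return re.sub(r'\\([0-7]{3})', lambda m: chr(int(m.group(1), 8)), text)

def parse_line(line):
    """Parse '<date> <time>Z [<user>]: <body>'; None for any other layout."""
    line = line.strip()
    if line.startswith('"') and line.endswith('"'):
        line = line[1:-1]  # some samples on the page are wrapped in quotes
    m = LINE_RE.match(line)
    if not m:
        return None  # e.g. the syslog-style LDAP and TSIG lines
    ts, user, body = m.groups()
    call = CALL_RE.match(body)
    action, rest = (call.group(1), call.group(2) or '') if call else body.partition(' ')[::2]
    args = {}
    for key, raw in ARG_RE.findall(rest):
        new, _, old = raw.strip('"').partition(' from ')  # values read "new from old"
        args[key] = {'new': unescape(new), 'old': unescape(old) or None}
    return {'ts': ts, 'user': unescape(user), 'action': action, 'args': args}

def flag(rec):
    """Hypothetical review rules; the choice of rules is this example's assumption."""
    a, why = rec['action'], []
    val = lambda key: rec['args'].get(key, {}).get('new')
    if a == 'Login_Denied':
        why.append('failed login: %s' % val('error'))
    if a == 'set_cc_mode' and val('cc_mode_enabled') == 'false':
        why.append('Common Criteria mode disabled')
    if a in ('set_support_access', 'set_remote_console') and val(a[4:]) == 'true':
        why.append(a[4:] + ' enabled')
    if rec['user'] == 'Emergency User':
        why.append('emergency account used')
    return why

def review(lines):  # (timestamp, user, reasons) for each parsable line that trips a rule
    recs = [r for r in map(parse_line, lines) if r]
    return [(r['ts'], r['user'], flag(r)) for r in recs if flag(r)]

SAMPLE = [  # copied from the messages listed on this page
    r'"2011-10-19 14:05:23.217Z [admin]: Login_Denied - - to=Serial\040Console apparently_via=Direct error=failed\040logins\040exceed\040limit"',
    r'2011-10-19 19:48:48.705Z [admin]: Called - set_cc_mode: Args cc_mode_enabled="false"',
    r'2011-10-19 14:33:41.286Z [Emergency\040User]: Called set_repsafe_mode: Args repsafe_mode = on',
]
```

Calling `review(SAMPLE)` returns one entry per sample line, each with the decoded user name and the reasons it was flagged.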