249
[Sysname] quit
# Enable the display of log information on a terminal. (Optional, this function is enabled by default.)
<Sysname> terminal monitor
Info: Current terminal monitor is on.
<Sysname> terminal logging
Info: Current terminal logging is on.
After the configuration takes effect, if the specified module generates log information, the information
center automatically sends the log information to the console, which then displays the information.
Saving security logs into the security log file
Network requirements
As shown in Figure 86, to efficiently and conveniently view the security events and understand the
security status of the device, make sure of the following points:
• Save security logs into the security log file Flash:/securitylog/seclog.log at a frequency of one
hour.
• Only the security log administrator can view the contents of the security log file and back up the
security log file into the FTP server. All other logged-in users cannot view, copy and rename the
security log file.
Figure 86 Network diagram for saving security logs in a specific directory
System
administrator
Console
Device
IP network
Security log
administrator
FTP Server
192.168.1.2/24
GE1/0/1
1.1.1.1/24
GE1/0/2
192.168.1.1/24
Configuration considerations
The configuration in this example includes the following parts: logging in to the device as the system
administrator and logging in to the device as the security log administrator.
1. Logging in to the device as the system administrator
• Enable the saving of the security logs into the security log file and set the frequency with which
the system saves the security log file to one hour.
• Create a local user seclog with the password 123123123123 , and authorize this user as the
security log administrator. You must use the authorization-attribute command to set the user
privilege level to 3 and specify the user role as security audit. In addition, specify the service
types that the user can use by using the service-type command.
To Next Page
Loading...
