14-38
Configuring and Monitoring Port Security     
Reading Intrusion Alerts and Resetting Alert Flags
will see that the Intrusion Alert entry for port A1 has changed to “No”.   
(Executing show port-security intrusion-log again will result in the same display 
as above, and does not include the Intrusion Alert status.)
HP Switch(config)# port-security a1 clear-intrusion-flag
HP Switch(config)# show interfaces brief
Figure 14-17.Example of Port Status Screen After Alert Flags Reset
For more on clearing intrusions, see “Note on Send-Disable Operation” on 
page 14-35.
Using the Event Log To Find Intrusion Alerts
The Event Log lists port security intrusions as:
W MM/DD/YY HH:MM:SS FFI: port 3 — Security Violation
where “
W” is the severity level of the log entry and FFI is the system module 
that generated the entry. For further information, display the Intrusion Log, 
as shown below.
From the CLI. Type the log command from the Manager or Configuration 
level.
Syntax: log < search-text >
For < search-text >, you can use ffi, security, or violation. For example:
Intrusion Alert on port A1 is now 
Status and Counters - Port Status
      | Intrusion                           MDI  Flow Bcast
  Port         Type      | Alert     Enabled Status Mode       Mode Ctrl Limit
  ------------ --------- + --------- ------- ------ ---------- ---- ---- -----
  1            100/1000T | No        Yes     UP     1000FDx    Auto off  0
  2            100/1000T | No        Yes     UP     1000FDx    Auto off  0
  3            100/1000T | No        Yes     Up     1000FDx    Auto off  0