AuditConfigurationArchiveandSoftwareManagementChanges (Network Audit)

Similar documents
Perform Configuration Audits Using Compliance

Navigating Cisco Prime Health and Utilization Monitor Tasks in LMS 4.1

Audit Reports. Change Audit Reports CHAPTER

Embedded Event Manager (EEM)

Introduction to Cisco UCS Central

Setting up. Discovering the Network. Planning Discovery Runs CHAPTER

Add and Organize Devices

Administrative Tasks CHAPTER

Working with Reports. User Roles Required to Manage Reports CHAPTER

Overview. About the Cisco Context-Aware Mobility Solution CHAPTER

Using the Prime Performance Manager Web Interface

Using Homepage. Information About Homepage CHAPTER

Change and Configuration Management Administration

Cisco Prime Network Client Overview

Managing NCS User Accounts

WhatsConfigured for WhatsUp Gold 2016 User Guide

Service Inventory Configuration

User and System Administration

Configuring Service Monitor

Smart Install in LMS CHAPTER

Get Started with Cisco DNA Center

9.2(1)SU1 OL

Inventory Reports. Detailed Device Report CHAPTER

Monitoring the System and Services

User Permissions and Device Access

Best Practices: Server Security Hardening

Navigating Cisco Prime Internetwork Performance Monitor Tasks in LMS 4.1

Logging. About Logging. This chapter describes how to log system messages and use them for troubleshooting.

Understanding the Cisco Prime LMS Interface

Configuring the Cisco APIC-EM Settings

Getting Started. Logging into Cisco Multicast Manager CHAPTER

Read the following information carefully, before you begin an upgrade.

Prime Central Integration

Integrate Cisco IronPort Security Appliance (ESA)

Use Plug and Play to Deploy New Devices

Performing Administrative Tasks

Using Homepage. Information About Hompage CHAPTER

Manage Your Inventory

Viewing System Status, page 404. Backing Up and Restoring a Configuration, page 416. Managing Certificates for Authentication, page 418

Cisco Unified Service Statistics Manager 8.7

Setting Up the Network for Monitoring

Managing Configurations

Configure Notification

Configuration Export and Import

C H A P T E R Reports Note Cisco Prime Network Control System Configuration Guide OL

H3C Firewall and UTM Devices Log Management with IMC Firewall Manager Configuration Examples (Comware V5)

Cisco Prime Infrastructure 3.4 Administrator Guide

Overview. Introducing Cisco UCS Central. This chapter includes the following sections: Introducing Cisco UCS Central, page 1

With standard audit logging, configuration changes to the system get logged in separate log files for auditing.

Cisco Unified Customer Voice Portal

User and System Administration

Cisco Prime Infrastructure 3.3 Administrator Guide

Overview of the Cisco NCS Command-Line Interface

KYOCERA Net Admin User Guide

MEDIASEAL Encryptor Client Manual

SAS Viya 3.4 Administration: Logging

Introduction to Change and Configuration Management

Configure Cisco DNA Center System Settings

Managing Broadband Access Center

Data Collection and Background Tasks

Cisco Unified Serviceability

Getting Started with Prime Network

Services. Service descriptions. Cisco HCS services

ZENworks 2017 Audit Management Reference. December 2016

Cisco Prime Collaboration Deployment Configuration and Administration

Configuring the Cisco NAM 2220 Appliance

Managing WCS User Accounts

Performance Monitor Administrative Options

Creating Domain Templates Using the Domain Template Builder 11g Release 1 (10.3.6)

Configure System Parameters

With standard audit logging, configuration changes to the system get logged in separate log files for auditing.

User Guide. Kronodoc Kronodoc Oy. Intelligent methods for process improvement and project execution

Lenovo ThinkAgile XClarity Integrator for Nutanix Installation and User's Guide

Integrate Fortinet Firewall. EventTracker v8.x and above

Securing Containers Using a PNSC and a Cisco VSG

Role-Based Access Configuration

This chapter contains the following sections: Logging into Cisco Multicast Manager, page 2-1 Navigating the GUI, page 2-2

Running the Setup Web UI

Cisco Unified Serviceability Administration Guide

HPE Intelligent Management Center

Using NetShow Commands

Managing System Administration Settings

Understanding LMS Tasks

Sponsor Documentation

Configuring Role-Based Access Control

Centrify Infrastructure Services

Managing GSS User Accounts Through a TACACS+ Server

Network Configuration Manager

Managing WCS User Accounts

Labeling NEs Using Business Tags

STRM Log Manager Administration Guide

Cisco IMC Supervisor Rack-Mount Servers Management Guide, Release 1.0

Implementing CiscoWorks LMS 4.0 (CWLMS)

Network Configuration Manager

WEB ANALYTICS HOW-TO GUIDE

Configure Site Network Settings

Configuring Logging. Information About Logging CHAPTER

Configuring Role-Based Access Control

Managing Events and Alarms

SAS Viya 3.3 Administration: Auditing

Transcription:

This section contains the following topics: Audit Configuration Archive and Software Management Changes (Network Audit), on page 1 Audit Changes Made By Users (Change Audit), on page 1 Audit Actions Executed from the GUI (System Audit), on page 3 System Logs, on page 4 AuditConfigurationArchiveandSoftwareManagementChanges (Network Audit) The Network Audit window displays changes made to devices using the Configuration Archive and Software Management features. To view these changes, choose Inventory > Network Audit. Prime Infrastructure lists the most recent devices changes including the type of change (Configuration Archive, Software Image Management). You can also view the most recent changes for a device in the Recent Changes tab of its Device 360 view. Audit Changes Made By Users (Change Audit) Prime Infrastructure supports managing change audit data in the following ways: Generate a Change Audit Report, on page 1 Enable Change Audit Notifications and Configure Syslog Receivers, on page 2 Generate a Change Audit Report The Change Audit report lists the actions that users have performed using theprime Infrastructure features. The following table provides examples of what may appear in a Change Audit report. Feature Examples Device management Device '209.165.202.159' Added User management User mmjones' added 1

Enable Change Audit Notifications and Configure Syslog Receivers Feature Administration Configuration changes Monitoring policies Configuration templates Jobs Inventory Examples Logout successful for user jlsmith from 209.165.202.129 Authentication Failed. Login failed for user fjclark from 209.165.202.125 CLI Commands : ip access-list standard testremark test Monitoring Template 'IF Outbound Errors (Threshold)' Created Configuration Template 'Add-Host-Name-IOS-Test' Created 'Show-Users-On-Device-IOS_1' job of type Config Deploy - Deploy View scheduled. Logical File '/bootflash/tracelogs/inst_cleanup_r0-0.log.19999.20150126210302' deleted. You can schedule a Change Audit report to run on a regular basis and, if desired, Prime Infrastructure can e-mail the results to you. You can also forward this information in a Change Audit notification (see Enable Change Audit Notifications and Configure Syslog Receivers, on page 2). Step 5 Choose Reports > Report Launch Pad, then choose Compliance > Change Audit. Click New to configure a new report. In the Settings area, enter the report criteria (time frame, when to start the report, and so forth). If you want to schedule the report to run at a later time, enter your settings in the Schedule area. You can also specify an e-mail address that the report should be sent to. If you want to run the report immediately, click Run at the bottom of the window. The Report Run Result lists all users and the changes they made during the specified time period. Enable Change Audit Notifications and Configure Syslog Receivers If desired, you can configure Prime Infrastructure to send a change audit notification when changes are made to the system. These changes include device inventory and configuration changes, configuration template and monitoring template operations, and user operations such as logins and logouts and user account changes. You can configureprime Infrastructure to: Forward changes as change audit notifications to a Java Message Server (JMS). Send these messages to specific syslog receivers. For example, when a config archive is collected, Prime Infrastructure receives the syslog, generates trap and sends email to the configured notification destination. If you configure syslog receivers but do not receive syslogs, you may need to change the anti-virus or firewall settings on the destination syslog receiver to permit reception of syslog messages. 2

View Change Audit Details Select Administration > Settings > System Settings, then choose Mail and Notification > Change Audit Notification. Select the Enable Change Audit Notification check box to enable notifications. If you want to send the messages to specific syslog receivers: a) Click the Add button (+) to specify a syslog receiver. b) In the Syslog Receivers area, enter the IP address, protocol, and port number of the syslog receiver. You can repeat these steps as needed to specify additional syslog receivers. Click Save. View Change Audit Details Log in to Prime Infrastructure as an administrator Choose Monitor > Tools > Change Audit Dashboard. The Change Audit Dashboard displays the network audit logs and change audit data of device management, user management, configuration template management, device community and credential changes, and inventory changes of devices. The Change Audit report and Change Audit dashboard display the details irrespective of the virtual domain you are logged in. You can click the export icon to download the audit details as CSV or PDF file. Audit Actions Executed from the GUI (System Audit) Prime Infrastructure sends all change audit notifications in XML format to the topic ChangeAudit.All. You must be subscribed to ChangeAudit.All to receive the notifications. The System Audit window lists all Prime Infrastructure GUI pages that users have accessed. To view a System Audit, choose Administration > Settings > System Audit. The following table shows some of the information you can find from the System Audit page using the quick filter. To enable the quick filter, choose Quick Filter from the Show drop-down list. Find actions performed: By a specific user By all users in a user group On devices in a specific virtual domain Do the following: Enter the username in the Username quick filter field Enter the group name in the User Group quick filter field Enter the virtual domain name in the Active Virtual Domain quick filter field 3

System Logs Find actions performed: By the web GUI root user On a specific device On a specific day Do the following: Select Root User Logs from the Show drop-down list Enter the IP address in the IP Address quick filter field Enter the day in the Audit Time quick filter filed (in the format yyyy mmm dd) System Logs Prime Infrastructure provides three classes of logs which are controlled by choosing Administration > Settings > Logging. Logging Type General SNMP Syslog Description Captures information about actions in the system. Captures interactions with managed devices. Forwards Prime Infrastructure audit logs (as syslogs) to another recipient. See: View and Manage General System Logs, on page 4 Enable SNMP Traces and Adjust SNMP Log Settings (Levels, Size), on page 6 Forward System Audit Logs As Syslogs, on page 5 View and Manage General System Logs You can view system logs after downloading them to your local server. View the Logs for a Specific Job, on page 4 Adjust General Log File Settings and Default Sizes, on page 5 Download and E-Mail Log Files for Troubleshooting Purposes, on page 5 Forward System Audit Logs As Syslogs, on page 5 View the Logs for a Specific Job Choose Administration > Dashboards > Job Dashboard. Choose a job type from the Jobs pane, then select a job instance from the Jobs window. At the top left of the Job instance window, locate the Logs field, then click Download. Open or save the file as needed. 4

Adjust General Log File Settings and Default Sizes Adjust General Log File Settings and Default Sizes By default, Prime Infrastructure logs all error, informational, and trace messages generated by all managed devices. It also logs all SNMP messages and Syslogs that it receives. You can adjust these settings, changing logging levels for debugging purposes. To do the following: Change the size of logs, number of logs saved, and log naming convention Change the logging level for specific modules Download log files for troubleshooting purposes E-mail log files (for example, to the Cisco Technical Center) From Administration > System Settings > Logging: Adjust the Log File Settings. Change these settings with caution to avoid impacting the system. In the General Log Settings, select the files and the desired level, and click Save. You will have to restart Prime Infrastructure for the changes to take effect. In the Download Log File area, click Download. Enter a comma-separated list of e-mail IDs and click Send. Download and E-Mail Log Files for Troubleshooting Purposes This procedure sets and log message levels to Trace. Be sure to return the log message levels to their original setting so system performance is not impacted. Step 5 Step 6 Step 7 Step 8 Choose Administration > Settings > Logging, then choose General Logging Options. the setting in the Message Level drop-down list because you will need to reset it later. In the Enable Log Modules area, select the Log Modules check box to select all modules. Select Trace from the Message Level drop-down list. Reproduce the problem on the system so the details can be captured in the logs. In the Download Log File area, click Download. The download zip file will have the name: NCS-hostname-logs-yy-mm-dd-hh-mm-ss. The file includes an HTML file that lists all files included in the zip file. In the E-Mail Log File area, enter a comma-separated list of e-mail IDs. Revert to the original setting in the Message Level drop-down list. Forward System Audit Logs As Syslogs Choose Administration > Settings > Logging, then choose Syslog Logging Options. 5

Enable SNMP Traces and Adjust SNMP Log Settings (Levels, Size) Step 5 Select the Enable Syslog check box to enable collecting and processing system logs. In the Syslog Host field, enter the IP address of the interface from which the message is to be transmitted. From the Syslog Facility drop-down list, choose any of the eight local use facilities for sending syslog messages. The local use facilities are not reserved and are available for general use. Click Save. Enable SNMP Traces and Adjust SNMP Log Settings (Levels, Size) Enable SNMP tracing to access more detailed information about the packets sent and received through SNMP. You may want to do this when troubleshooting, such as when a trap is dropped. To make the following changes, choose Administration > Settings > Logging, then choose SNMP Logging Options. If you want to: Enable SNMP tracing on specific devices Change the size of logs and number of logs saved Do the following: In the SNMP Log Settings area: 1. Select the Enable SNMP Trace check box and the Display Values check boxes. 2. Enter the IP addresses of the devices you want to trace and click Save. In the SNMP Log File Settings area: Be careful when you change these settings so that you do not impact system performance (by saving too much data). 1. Adjust the maximum number of files and file size. 2. Restart Prime Infrastructure for your changes to take effect. See Stop and Restart Prime Infrastructure. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback