@苏苏
2年前 提问
1个回答

交换机怎么添加进日志审计

delay
2年前

以华为交换机为例将日志输出到日志审计设备具体操作步骤如下:

  1. 使能信息中心功能
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] info-center enable
  1. 配置向日志主机发送Log信息的信息通道和输出规则
# 命名信息通道。

[SwitchA] info-center channel 6 name loghost1
[SwitchA] info-center channel 7 name loghost2

# 配置Log信息输出到日志主机所使用的信息通道。

[SwitchA] info-center loghost 10.1.1.1 channel loghost1
[SwitchA] info-center loghost 10.1.1.2 channel loghost1
[SwitchA] info-center loghost 10.2.1.1 channel loghost2
[SwitchA] info-center loghost 10.2.1.2 channel loghost2

# 配置向日志主机通道输出Log信息的规则。

[SwitchA] info-center source arp channel loghost1 log level notification
[SwitchA] info-center source aaa channel loghost2 log level warning
  1. 配置发送日志信息接口的IP地址
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif100
[SwitchA-Vlanif100] ip address 172.16.0.1 255.255.255.0
[SwitchA-Vlanif100] return
  1. 在Server端配置日志主机

    设备会产生大量的Log信息,而设备本身的存储空间相对有限,就需要配置日志主机实现对设备Log信息的收集。日志主机可以是安装UNIX或LINUX操作系统的主机,也可以是安装第三方日志软件的主机,具体配置步骤请参见相关手册。

  2. 检测配置结果

# 查看输出方向为日志主机的配置信息。

<SwitchA> display info-center
Information Center:enabled
Log host:
        10.1.1.1, channel number 6, channel name loghost1,
language English , host facility local7
        10.1.1.2, channel number 6, channel name loghost1,
language English , host facility local7
        10.2.1.1, channel number 7, channel name loghost2,
language English , host facility local7
        10.2.1.2, channel number 7, channel name loghost2,
language English , host facility local7
Console:
        channel number : 0, channel name : console
Monitor:
        channel number : 1, channel name : monitor
SNMP Agent:
        channel number : 5, channel name : snmpagent
Log buffer:
        enabled,max buffer size 1024, current buffer size 512,
current messages 26, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
        enabled,max buffer size 1024, current buffer size 256,
current messages 11, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
        channel number : 9, channel name : channel9, language : English  
Information timestamp setting:
        log - date, trap - date, debug - date millisecond

 Sent messages = 273456, Received messages = 284845

 IO Reg messages = 2 IO Sent messages = 11389

SwitchA的配置文件

#
sysname SwitchA
#
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
#
vlan batch 100
#
interface Vlanif100
 ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
return