@秒灵儿
Asked 2 years ago
1 answer
How do I enable log auditing on a switch?
安全小白成长记
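2 years ago
The switch itself has no log audit function that can be enabled; the logs need to be output to a log audit device. The specific steps are as follows:
- Enable the information center function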
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] info-center enable
- Configure the information channels and output rules used to send log information to the log hosts
# Name the information channels.
[SwitchA] info-center channel 6 name loghost1
[SwitchA] info-center channel 7 name loghost2
# Configure the information channels used to output log information to the log hosts.
[SwitchA] info-center loghost 10.1.1.1 channel loghost1
[SwitchA] info-center loghost 10.1.1.2 channel loghost1
[SwitchA] info-center loghost 10.2.1.1 channel loghost2
[SwitchA] info-center loghost 10.2.1.2 channel loghost2
# Configure the rules for outputting log information to the log host channels.
[SwitchA] info-center source arp channel loghost1 log level notification
[SwitchA] info-center source aaa channel loghost2 log level warning
- Configure the IP address of the interface that sends log information
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif100
[SwitchA-Vlanif100] ip address 172.16.0.1 255.255.255.0
[SwitchA-Vlanif100] return
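- Configure the log host on the server side
The device generates a large amount of log information, while its own storage space is relatively limited, so a log host needs to be configured to collect the device's log information. The log host can be a host running a UNIX or Linux operating system, or a host with third-party log software installed. For the specific configuration steps, see the relevant manuals.
- Verify the configuration
# View the configuration of output to the log hosts.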
<SwitchA> display info-center
Information Center:enabled
Log host:
10.1.1.1, channel number 6, channel name loghost1,
language English , host facility local7
10.1.1.2, channel number 6, channel name loghost1,
language English , host facility local7
10.2.1.1, channel number 7, channel name loghost2,
language English , host facility local7
10.2.1.2, channel number 7, channel name loghost2,
language English , host facility local7
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled,max buffer size 1024, current buffer size 512,
current messages 26, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
enabled,max buffer size 1024, current buffer size 256,
current messages 11, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
channel number : 9, channel name : channel9, language : English
Information timestamp setting:
log - date, trap - date, debug - date millisecond
Sent messages = 273456, Received messages = 284845
IO Reg messages = 2 IO Sent messages = 11389
Configuration file of SwitchA
#
sysname SwitchA
#
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
#
vlan batch 100
#
interface Vlanif100
ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type hybrid
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
return
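
Added example (not part of the original answer, and not Huawei's own tooling): a Python check that reads the info-center lines of a saved configuration like the one above and lists, for each log host, which module and severity rules feed its channel, resolving channels written by name or by number. The sample text is constructed from the SwitchA configuration plus a hypothetical log host 10.3.1.1 on channel 8; only rules written in the configuration are considered, device default output rules are not modelled.

```python
import re

# Constructed sample: the info-center lines of the SwitchA configuration above,
# plus one hypothetical log host (10.3.1.1 on channel 8) added to show a gap.
SAMPLE_CONFIG = """\
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
info-center loghost 10.3.1.1 channel 8
"""

def audit_info_center(config):
    """Map each log host IP to the (module, level) rules that feed its channel."""
    names = {}  # channel name -> channel number
    rules = {}  # channel reference as written -> [(module, level), ...]
    hosts = {}  # log host IP -> channel reference as written
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"info-center channel (\d+) name (\S+)", line):
            names[m[2]] = m[1]
        elif m := re.fullmatch(
                r"info-center source (\S+) channel (\S+) log level (\S+)", line):
            rules.setdefault(m[2], []).append((m[1].lower(), m[3]))
        elif m := re.fullmatch(r"info-center loghost (\S+) channel (\S+)", line):
            hosts[m[1]] = m[2]
    # Channels may be referenced by name or by number; normalise to numbers.
    by_channel = {}
    for ref, items in rules.items():
        by_channel.setdefault(names.get(ref, ref), []).extend(items)
    return {ip: by_channel.get(names.get(ref, ref), [])
            for ip, ref in hosts.items()}

def hosts_without_rules(config):
    """Log hosts whose channel has no explicit source rule in this text."""
    return sorted(ip for ip, r in audit_info_center(config).items() if not r)

if __name__ == "__main__":
    for ip, r in audit_info_center(SAMPLE_CONFIG).items():
        print(ip, r or "NO EXPLICIT SOURCE RULE")
```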