- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Procurve Audit Logging
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2013 01:02 PM
03-26-2013 01:02 PM
Procurve Audit Logging
Ha have a number of 2910al switches on which i need to configure logging for auditing e.g I need to send all of the cli commands and changes to a syslog server. How do I accomplish this?
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-26-2013 03:26 PM
03-26-2013 03:26 PM
Re: Procurve Audit Logging
Did you try the command "logging <server IP>"?
So if your syslog server is at 10.0.0.5 then you would do this:
switch#configure terminal
switch(config)#logging 10.0.0.5
Change the severity also depending on your needs
switch(config)#logging severity <major/error/warning/info/debug>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-27-2013 02:12 AM
03-27-2013 02:12 AM
Re: Procurve Audit Logging
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2013 05:39 AM
03-29-2013 05:39 AM
Re: Procurve Audit Logging
You might want to look into command authorization through radius (aaa authorization commands radius). Even if you configure the radius-server to always allow any command, it leaves you with very good logging of the commands entered.
In my view this is even more reliable than using syslog, because you could configure your devices to become unmanagable when radius is unavailable. In that case, just don't let your radius-server allow commands that change radius-config... When relying on syslog, I could stop the logging and do whatever I want on the switch without you knowing what I did.
Indeed, I like to think worst-case...
It obviously depends on what kind of auditing you are trying to accomplish. But as you have noticed, commands don't get logged to syslog on most ProCurve-gear...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2013 01:12 PM
04-01-2013 01:12 PM
Re: Procurve Audit Logging
Hi,
I'll try that!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2013 04:35 AM
05-24-2013 04:35 AM
Re: Procurve Audit Logging
HI again,
I have implemented the "aaa authorization commands radius" using NPS. However the commands are not written to any logs.. I could imagine that the procurve switch reads the authorized commands from the Radius server and only allow those commands to be executed.
Will a TACAS server help?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-29-2013 03:07 AM
05-29-2013 03:07 AM
Re: Procurve Audit Logging
I'm not aware of "aaa authorization commands radius" logging anything anywhere. Its purpose is to limit the amount of commands that a user can use on the switch.
See for example http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/commands-authorization-RADIUS-Server/td-p/4574706#.UaXQKZxRjn4
The feature you are looking for does not exist (yet) on the W.xx Provision software branch, as far as I know.
It was specifically requested as an Enhancement for the K-branch software by an enterprise customer, and was implemented in a special build just for this purpose, K.15.06.1002 - which you can find on the website for download: https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9539A
Enhancement (PR_0000069196) - Log All Config Changes
If you need this feature on the 2910al, the only way to have it implemented is to open an Enhancement Request via your HP Sales or Account Management contact.
Hope that helps.
Justin
Working @ HPE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 12:20 AM
06-07-2013 12:20 AM
Re: Procurve Audit Logging
do you have to use just that software image or is it implemented in newer releases?
We are today running K.15.09.0012.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 01:10 AM
06-07-2013 01:10 AM
Re: Procurve Audit Logging
Hi,
This is an doc I made in the past to describe the NPS+radius login for the procurve switches.
Not sure if it works the same way on the 29xx however ...
Best regards,Peter
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-07-2013 04:25 AM
06-07-2013 04:25 AM
Re: Procurve Audit Logging
Hi Peter,
Many thanks for the well written documentation of the setup!!!
/Marcus