HPE Community
IMC
1752828 Members
3820 Online
108789 Solutions
New Discussion

Re: Help in local-user and iMC.......

 
MohammadH
Regular Advisor

‎03-24-2013 02:48 AM

‎03-24-2013 02:48 AM

Help in local-user and iMC.......

Hi

we have local user (admin) in the switch 4800G and 2900al I want to see what the configure he change from iMC we have 70 switch I want to see them all in the same time not go to switch's one by one to see the log.

 

and thank you.

0 Kudos
21 REPLIES 21
LindsayHill
Honored Contributor

‎03-24-2013 03:26 PM

‎03-24-2013 03:26 PM

Re: Help in local-user and iMC.......

If I'm understanding it right, what you want to do is to generate a report that shows you all changes, across all devices (or maybe a group of devices). Is that correct?

 

I don't think that this capability currently exists. It's easy enough to see what's changed on an individual device basis, but it's not so easy to generate a single report showing changes across all devices.

 

I haven't dug into the ProCurve options around logging commands, but you may be able to get the switches to log all executed commands to your syslog server. I know you can do it with IOS, so it should be possible on HP switches. Set the syslog server to be the IMC system, and you'll be able to see the logs.

 

You should also be using centralised AAA, so you can control users, and log all commands. Then set up an alert whenever someone logs in with a local admin account, rather than using AAA.

__
@northlandboy
0 Kudos
MohammadH
Regular Advisor

‎03-24-2013 10:47 PM

‎03-24-2013 10:47 PM

Re: Help in local-user and iMC.......

Hi

I think you don't understand me I mean by local user in the switch not a computer user I want to know what the change in group  of (switch's) in configure like vlan , inter disable,...  ,

 

and

 

how can I Set the syslog server to be the IMC system ?

 

I try to use Configuration Templates I add new Template the configure for the Template you can see it in the attachment.

 

Thank you for your help.

0 Kudos
LindsayHill
Honored Contributor

‎03-24-2013 11:25 PM

‎03-24-2013 11:25 PM

Re: Help in local-user and iMC.......

@MohammadH wrote:

I think you don't understand me I mean by local user in the switch not a computer user I want to know what the change in group  of (switch's) in configure like vlan , inter disable,...  ,

 

I wasn't referring to a computer user - I was referring to users logging into the switches or routers.

 

@MohammadH wrote:

how can I Set the syslog server to be the IMC system ?

 

I try to use Configuration Templates I add new Template the configure for the Template you can see it in the attachment.

 

Thank you for your help.


Config to set the syslog destination on a Comware-based switch would look something like:

info-center enable
info-center loghost 10.1.1.200
info-center source default channel loghost log level information
info-center source default channel loghost trap level information
info-center source default channel loghost debug state off
 
In general, if you want to look at logs across a range of devices, you don't log into them all and go "display log" - instead, you configure them to all send syslogs to a central destination, and you search there. Using config templates in IMC is more intended for pushing out configuration changes, rather than looking at logs.

 

 

__
@northlandboy
0 Kudos
MohammadH
Regular Advisor

‎03-25-2013 12:34 AM

‎03-25-2013 12:34 AM

Re: Help in local-user and iMC.......

Hi

sorry I misunderstand you

thank you for the configure can I have the configure for 2900 and do I need change any sitting in iMC so he can get the log from the switch ? I want to ask can make the iMC send email if the user change the configure in the switch's ??


and

 

Thank you for your help

0 Kudos
LindsayHill
Honored Contributor

‎03-25-2013 12:53 AM

‎03-25-2013 12:53 AM

Re: Help in local-user and iMC.......

On ProCurve, the commands are something like:

logging 10.1.1.100

logging severity info

 

IMC will be set up to receive syslogs by default, BUT you may need to check your firewall on your server, to ensure it allows inbound syslog.

 

Once IMC is receiving syslogs, you should see syslogs at Alarm -> Syslog Management -> Browse Syslog.

 

If the switches are configured to send SNMP traps to the IMC server, and they send SNMP traps for config changes, that will generate alarms, which you can use to send emails. Those will just be generic alerts every time someone enters config mode.

 

If you want more complex alerts, you can configure syslog templates to match specific patterns, configure syslog to alarm escalation, and configure email alerts based on those.

__
@northlandboy
0 Kudos
MohammadH
Regular Advisor

‎03-25-2013 10:43 PM

‎03-25-2013 10:43 PM

Re: Help in local-user and iMC.......

Hi

thank you for configure for the ProCurve, are you by (If the switches are configured to send SNMP traps to the IMC server)

you mean the config for the syslogs ?

 

and thank you for your help.

 

0 Kudos
LindsayHill
Honored Contributor

‎03-25-2013 11:14 PM

‎03-25-2013 11:14 PM

Re: Help in local-user and iMC.......

No, SNMP traps are configured separately to syslogs. They are different protocols, used for different purposes (although I guess there is some overlap in use/functionality).

You might want to do some reading on SNMP, and traps, and how they work in general. Might make it a bit clearer.
__
@northlandboy
0 Kudos
MohammadH
Regular Advisor

‎03-25-2013 11:52 PM

‎03-25-2013 11:52 PM

Re: Help in local-user and iMC.......

Hi

I know what the SNMP traps I want to know how to config the switch and iMC so if someone login to switch or change the config or the login fail or successful the iMC will send Email Notification.

 

I try to do it but No luck...!!

 


and

Thank you for your help.

 

0 Kudos
LindsayHill
Honored Contributor

‎03-26-2013 12:07 AM

‎03-26-2013 12:07 AM

Re: Help in local-user and iMC.......

@MohammadH wrote:

I want to know how to config the switch and iMC so if someone login to switch or change the config or the login fail or successful the iMC will send Email Notification.

 

OK. Let's start from the top. If you want an email on all logins, and config changes, then let's start by using syslog. 

 

On the switches themselves, when you login and make a change, does it display anything in your syslogs?

 

Deal with that first. You may need to change the configs. I haven't looked into it for Comware/ProCurve, but Cisco switches need configuration to log failed login atempts.

 

Once that's working, make sure that the switches are sending syslogs to the IMC server. 

 

When you've got syslog entries for logins + config changes being sent to the IMC server, and visible in Alarms -> Syslog Management, come back here, and we'll walk through turning those syslog entries into emails.

 

The other thing you should be doing is implementing centralised AAA. This will give you MUCH better visibility and control.

__
@northlandboy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.