- Community Home
- >
- Networking
- >
- IMC
- >
- You can use either RADIUS or TACACS (with IMC's TA...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2013 03:51 AM
тАО03-26-2013 03:51 AM
Re: Help in local-user and iMC.......
Hi
if you mean by implementing centralised AAA the RADIUS server if that so we plan it in the future to install RADIUS server,
I finish configure in the switch when I change the config in the switch I can see it in the :
(Alarm -> Syslog Management -> Browse Syslog),
so what the next step ?
and
thank you for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-26-2013 11:20 PM - edited тАО03-27-2013 01:29 AM
тАО03-26-2013 11:20 PM - edited тАО03-27-2013 01:29 AM
You can use either RADIUS or TACACS (with IMC's TAM if yo...
Now, if we used SNMP traps, we can immediately escalate those to alarms. Since it's syslog, we need to go through another step. Bear with me, and we'll work through it in stages.
First you need to define a Syslog Template. This will match specific patterns in the syslog entries. We can later use this template to create alarms. Once we can create alarms, we should be able to turn those into emails.
Go to Alarms -> Syslog Management -> Syslog Templates. Click Add, and give it a name, and Template Content. This is the patterns to match in the syslog entry. Note that you can grab specific parts of the syslog, and assign them to parameters. For now, maybe just keep it simple. If your syslog entry looks something like this: "User admin logged in via console", then you could have a pattern Template Content like: "User $(user) logged in via $(interface)"
Click OK to save that.
Now go to "Syslog to Alarm". Click Add. Give it a name & Description. Key things to change here are the Alarm Level, and the Repeat interval/repeat time. The default is to only generate an alarm for 50 events in 300s. You probably want 1 event in 1s. Set the severity to whatever you want.
In the "Alarm Description" field, just leave it as %syslog% for now. Later you can change the message if you like, using some of those parameters we got earlier. Select a Syslog Template - use the one you defined earlier. Hit OK on that.
Now try triggering some of the events that cause that syslog. See if you can see the entry in "Browse Syslog". Then go and check "Alarm Browse -> Real-Time Alarms", and see if you can see the alarm there.
Get that working, then we'll look at generating emails.
- Tags:
- lindsayhill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 12:59 AM
тАО03-27-2013 12:59 AM
Re: lindsayhill
Hi
I want to ask the do I need active directory with TACACS ? If so is there a way to use TACACS without active directory ???
and
will the (User $(user) logged in via $(interface)) work with telnet ?? or only the console ?! Because I try it whit telnet but can't see anything in (Alarm Browse -> Real-Time Alarms) ?!
I have Filtering Trap will it effect the syslog ? I have attachment you can see the Trap.
Thank you for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 01:29 AM
тАО03-27-2013 01:29 AM
I haven't used TAM, so I can't comment on that. You'd hav...
That template example was just a random example - I don't know what your syslogs patterns look like. You need to look at your syslogs, and come up with a pattern that works.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 02:04 AM
тАО03-27-2013 02:04 AM
Re: I haven't used TAM, so I can't comment on that. You'd hav...
Hi
I try to change the template but no lock, the syslogs patterns you can see it in the attachment,
and
thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 02:15 AM
тАО03-27-2013 02:15 AM
Re: I haven't used TAM, so I can't comment on that. You'd hav...
Looking at those logs, you could probably also use snmp traps if you wanted.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 03:21 AM
тАО03-27-2013 03:21 AM
Re: I haven't used TAM, so I can't comment on that. You'd hav...
Hi
I look at them and I try different Template Content but no louk I will try again then come back here if it work.
and
Thank you for your help so much.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-27-2013 04:00 PM
тАО03-27-2013 04:00 PM
Re: I haven't used TAM, so I can't comment on that. You'd hav...
My advice would be to start simple with your templates. Don't worry about parameters, etc. just yet. Keep it simple, until you know you're matching what you need.
e.g. for the Failed Login syslog, I might just look for "h3cLoginAuthenFailure"
Make sure that your syslog to alarm template changes the counters too, to alarm for every message, not for the default of 50 messages received in 5 minutes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-28-2013 01:50 PM
тАО03-28-2013 01:50 PM
Re: Help in local-user and iMC.......
Hi,
On comware devices (4800), you can enable shell logging to a specific syslog server. This means that all typed commands (as shown in the local log file with display logging) can be sent to an external syslog server.
If you do not want these on the default syslog server, you can use a dedicated channel (output channel), disable all other features (default), and enable the SHELL source on this new channel.
Next configure a specific syslog IP for this channel.
This would be a sample config:
info-center channel 6 name loghostshell
info-center source default channel 6 log state off trap state off
info-center source SHELL channel 6
info-center loghost 192.168.5.42 channel 6
This is not possible on provision devices. For these you need to configure an external radius server for login. The provision switches can use radius accounting to log all operator commands to an external system.
I have attached a configuration guide I have made in the past which explains the steps with a microsoft NPS radius server.
Hope this helps,
Best regards,Peter.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-07-2013 10:48 PM
тАО04-07-2013 10:48 PM
Re: I haven't used TAM, so I can't comment on that. You'd hav...
Hi northlandboy
sorry I take long time, I make it work but only send email the first time I login but sometime not send email and same for the command when I input any command it only send the first command then will not send any email so it almost work,
I use more then one templates for login and and logout, for the command change:
for the login:
---------------
<h3cLogIn>: $(UserName) login from VTY
------
$(UserName) logged in from $(Source IP).
------------------------------------------
for the logout:
---------------
<h3cLogOut>: $(UserName) logout from VTY
------
<h3cLogInAuthenFailure>: $(UserName) failed to login from VTY, reason is 2
------
TELNET user $(UserName) failed to log in from $(Source IP) on VTY0
------
$(UserName) logged out from $(Source IP).
-----------------------------------------------------
for the cammad change:
-------------------------
-Task=vt0-IPAddr=$(Source IP)-User=$(UserName); Command is
or
$(Source IP)-User=$(UserName); Command is
------------------------------------------------------------------------------------
hi Peter_Debruyne
thank you for the guide it really help me , and for the config sample.
----------------------------------------------------------------------
thank you for taking your time to help.