5 Performing Other Administration Tasks
To Edit an Existing Administrator’s User Name or Password
1. To edit the user name, select the administrator you want to edit from the list.
2. Click Edit.
3. To edit the name, type a new name in the User Name field.
4. To edit the password, type a new password for the administrator in the Password field
   and confirm the password by retyping it in the Confirm Password field.
5. Click OK.
To Delete an Administrator
1. Select the administrator you want to delete from the list.
2. Click Delete.
3. Click Yes to confirm the deletion.
Audit Information
You can search for and view audit information using the Audit Browser function in the
Management Console. The Audit Query Editor allows you to specify what types of audit
information you want to view using the Audit Browser. Individual audit queries can
be configured and saved in the Audit Browser, allowing you to retrieve specific audit event
types without re-creating the query criteria each time. Once you have set up an audit
query, you can view the audit events that matched that particular audit query.
There are three types of audit events:
■ Rule: Allows you to request audit events generated by the EFW devices, such as
  attempted violations of policy settings or rule matches.
    ■ If you have selected the policy settings “No Sniffing” or “No Spoofing, No
      Routing,” in a policy, all NICs with this policy automatically audit any attempt to
      violate these settings. No events related to other policy settings are audited.
    ■ If the “Audit” checkbox is selected in the rule, rule matches are audited.
■ Policy: Allows you to request policy-related audit events generated by the Policy
  Server, such as assigning a policy to a device set, updates to a policy, or the status
  of a policy download.
■ Administrator: Allows you to request audit events initiated by an administrator,
  such as logging in to EFW, moving a device to a new device set, or creating a new
  device set.
To see the list of all events audited by the system, click on the Filtering button in the
Advanced Options box, available when viewing any query. Place the cursor over each
event to see a brief description of the event.
Audit events are stored in files that are archived when they reach a certain size.
The archived files are compressed as zip files and placed in the
Program Files/3Com Corporation/3Com EFW/MySQL/data/audit/logs directory.
The archived files are still searched during audit queries and are never automatically
deleted by the system. If a system is generating a large amount of audit data, you may
want to occasionally delete older archive files manually.
NOTE: The disk size of the Policy Server computer and the amount of audit data
generated determine how often archived audit information must be manually
deleted from the computer.
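The manual cleanup described above, as an added example (not part of the 3Com documentation or tooling): it copies archives older than a retention period to another location, verifies each copy by SHA-256, and only then deletes the original. The `*.zip` pattern, the function names, the manifest file and the destination directory are assumptions; pass the audit logs directory named above as `log_dir`.

```python
import hashlib
import shutil
import time
from pathlib import Path

DAY = 86400  # seconds

def sha256_of(path):
    """Hash a file in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def select_expired(log_dir, keep_days, now=None):
    """Return archived audit zips last modified more than keep_days ago, oldest first."""
    cutoff = (time.time() if now is None else now) - keep_days * DAY
    expired = [p for p in Path(log_dir).glob("*.zip")  # assumption: archives end in .zip
               if p.is_file() and p.stat().st_mtime < cutoff]
    return sorted(expired, key=lambda p: p.stat().st_mtime)

def retire_archives(log_dir, dest_dir, keep_days, now=None):
    """Copy expired archives to dest_dir, verify the copy, then delete the original.

    Appends "<sha256>  <size>  <name>" to dest_dir/manifest.txt (hypothetical file)
    and returns the (name, sha256, size) tuples that were retired.
    """
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    retired = []
    with open(dest / "manifest.txt", "a", encoding="utf-8") as manifest:
        for src in select_expired(log_dir, keep_days, now):
            digest, size = sha256_of(src), src.stat().st_size
            copy = dest / src.name
            if copy.exists():
                continue  # never overwrite an archive that was already retired
            shutil.copy2(src, copy)
            if sha256_of(copy) != digest:
                copy.unlink()  # bad copy: leave the original where it is
                continue
            manifest.write(f"{digest}  {size}  {src.name}\n")
            src.unlink()  # the manual step: delete the older archive file
            retired.append((src.name, digest, size))
    return retired

if __name__ == "__main__":
    import sys  # usage: <audit logs dir> <destination dir> <days to keep>
    for name, digest, size in retire_archives(sys.argv[1], sys.argv[2], int(sys.argv[3])):
        print(f"retired {name} ({size} bytes) sha256={digest}")
```

Once an archive leaves the logs directory, audit queries no longer have it to search, so choose the retention period with that in mind.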