
1. Logging in to the device as the system administrator
• Enable the saving of the security logs into the security log file and set the frequency with which the system saves the security log file to one hour.
• Create a local user seclog with the password 123123123123, and authorize this user as the security log administrator. That is, you need to use the authorization-attribute command to set the user privilege level to 3 and specify the user role as security audit. In addition, specify the service types that the user can use by using the service-type command.
• Set the authentication mode to scheme for the user logging in to the device, and make sure that only the local user that has passed the AAA local authentication can view and perform operations on the security log file.
2. Logging in to the device as the security log administrator
• Set the directory for saving the security log file to Flash:/securitylog/seclog.log.
• View the contents of the security log file to get the security status of the device.
Configuration procedure
1. Configuration performed by the system administrator
# Enable the saving of the security logs into the security log file and set the frequency with which the
system automatically saves the security log file to one hour.
<Sysname> system-view
[Sysname] info-center security-logfile enable
[Sysname] info-center security-logfile frequency 3600
# Create a local user seclog, and configure the password for the user as 123123123123.
[Sysname] local-user seclog
New local user added.
[Sysname-luser-seclog] password simple 123123123123
# Authorize the user to manage the security log file.
[Sysname-luser-seclog] authorization-attribute level 3 user-role security-audit
# Authorize the user to use SSH, Telnet, and terminal services.
[Sysname-luser-seclog] service-type ssh telnet terminal
[Sysname-luser-seclog] quit
# According to the network plan, the user will log in to the device through SSH or Telnet, so you need to configure the authentication mode of the VTY user interface as scheme.
[Sysname] display user-interface vty ?
INTEGER<0-15> Specify one user terminal interface
The above information indicates that the device supports sixteen VTY user interfaces, which are
numbered 0 through 15.
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] authentication-mode scheme
[Sysname-ui-vty0-15] quit
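The system administrator's part of the procedure can be checked against a saved command transcript. The following Python code is an added example, not part of the original guide or of any H3C tool; it reads a session in the prompt format shown above and lists the requirements that are not met. The SESSION text is constructed from the commands on this page, and the names parse and audit are hypothetical.

```python
import re
# Constructed sample: the system administrator's commands from this page.
SESSION = """\
<Sysname> system-view
[Sysname] info-center security-logfile enable
[Sysname] info-center security-logfile frequency 3600
[Sysname] local-user seclog
[Sysname-luser-seclog] password simple 123123123123
[Sysname-luser-seclog] authorization-attribute level 3 user-role security-audit
[Sysname-luser-seclog] service-type ssh telnet terminal
[Sysname-luser-seclog] quit
[Sysname] user-interface vty 0 15
[Sysname-ui-vty0-15] authentication-mode scheme
[Sysname-ui-vty0-15] quit
"""

# Assumption: no hyphen in the device name; the rest of the prompt is the view.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\]\s+(.+)$")

def parse(session):
    """Group commands by the view named in the prompt ('' is system view)."""
    views = {}
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            views.setdefault(m.group(2) or "", []).append(m.group(3).split())
    return views

def audit(session, user="seclog", vty_lines=16):
    """Return the requirements from the page that the session does not meet."""
    views, missing = parse(session), []
    if ["info-center", "security-logfile", "enable"] not in views.get("", []):
        missing.append("security log file saving is not enabled")
    luser = views.get("luser-" + user, [])
    attr = next((c for c in luser if c[0] == "authorization-attribute"), [])
    pairs = dict(zip(attr[1::2], attr[2::2]))  # keyword/value pairs
    if pairs.get("level") != "3" or pairs.get("user-role") != "security-audit":
        missing.append(user + " is not level 3 with user role security-audit")
    if not any(c[0] == "service-type" and len(c) > 1 for c in luser):
        missing.append(user + " has no service type")
    covered = set()  # VTY line numbers that use scheme authentication
    for view, cmds in views.items():
        m = re.fullmatch(r"ui-vty(\d+)(?:-(\d+))?", view)
        if m and ["authentication-mode", "scheme"] in cmds:
            covered.update(range(int(m.group(1)), int(m.group(2) or m.group(1)) + 1))
    unprotected = sorted(set(range(vty_lines)) - covered)
    if unprotected:
        missing.append("VTY lines without scheme authentication: %s" % unprotected)
    return missing
```

An empty list from audit(SESSION) means every requirement in the checklist is present; a VTY range narrower than 0 through 15 is reported line by line.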
2. Configuration performed by the security log administrator
# Re-log in to the device as user seclog.
C:/> telnet 1.1.1.1
******************************************************************************
* Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *