交換機怎么添加進日志審計

回答數量: 1

高級測評師 CISM-WSE

以華為交換機為例將日志輸出到日志審計設備具體操作步驟如下：

使能信息中心功能

<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] info-center enable

配置向日志主機發送Log信息的信息通道和輸出規則

# 命名信息通道。

[SwitchA] info-center channel 6 name loghost1
[SwitchA] info-center channel 7 name loghost2

# 配置Log信息輸出到日志主機所使用的信息通道。

[SwitchA] info-center loghost 10.1.1.1 channel loghost1
[SwitchA] info-center loghost 10.1.1.2 channel loghost1
[SwitchA] info-center loghost 10.2.1.1 channel loghost2
[SwitchA] info-center loghost 10.2.1.2 channel loghost2

# 配置向日志主機通道輸出Log信息的規則。

[SwitchA] info-center source arp channel loghost1 log level notification
[SwitchA] info-center source aaa channel loghost2 log level warning

配置發送日志信息接口的IP地址

[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 100
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[SwitchA-GigabitEthernet0/0/1] quit
[SwitchA] interface vlanif100
[SwitchA-Vlanif100] ip address 172.16.0.1 255.255.255.0
[SwitchA-Vlanif100] return

在Server端配置日志主機

設備會產生大量的Log信息，而設備本身的存儲空間相對有限，就需要配置日志主機實現對設備Log信息的收集。日志主機可以是安裝UNIX或LINUX操作系統的主機，也可以是安裝第三方日志軟件的主機，具體配置步驟請參見相關手冊。
檢測配置結果

# 查看輸出方向為日志主機的配置信息。

<SwitchA> display info-center
Information Center:enabled
Log host:
        10.1.1.1, channel number 6, channel name loghost1,
language English , host facility local7
        10.1.1.2, channel number 6, channel name loghost1,
language English , host facility local7
        10.2.1.1, channel number 7, channel name loghost2,
language English , host facility local7
        10.2.1.2, channel number 7, channel name loghost2,
language English , host facility local7
Console:
        channel number : 0, channel name : console
Monitor:
        channel number : 1, channel name : monitor
SNMP Agent:
        channel number : 5, channel name : snmpagent
Log buffer:
        enabled,max buffer size 1024, current buffer size 512,
current messages 26, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
        enabled,max buffer size 1024, current buffer size 256,
current messages 11, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
        channel number : 9, channel name : channel9, language : English  
Information timestamp setting:
        log - date, trap - date, debug - date millisecond

 Sent messages = 273456, Received messages = 284845

 IO Reg messages = 2 IO Sent messages = 11389

SwitchA的配置文件

#
sysname SwitchA
#
info-center channel 6 name loghost1
info-center channel 7 name loghost2
info-center source ARP channel 6 log level notification
info-center source AAA channel 7 log level warning
info-center loghost 10.1.1.1 channel 6
info-center loghost 10.1.1.2 channel 6
info-center loghost 10.2.1.1 channel 7
info-center loghost 10.2.1.2 channel 7
#
vlan batch 100
#
interface Vlanif100
 ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
return

回答所涉及的環境：聯想天逸510S、Windows 10。

1年前 / 評論