The advanced console servers can be set to log access to, and communications with, network attached Hosts, in addition to logging the serial port activity. For each Host, when you set up the Permitted Services that are authorized for communicating with Hosts, you must also specify the level of logging to be maintained for each service.
Before clicking Add for a particular TCP/UDP port/service, specify the logging level that is to be maintained for that port/service (on that particular Host). Logging levels are:
- Level 0 - Turns off logging for that selected TCP/UDP port/service to the selected Host
- Level 1 - Logs all user connection events for that service/host to the selected Host
- Level 2 - Logs all data transferred using that service/host to/from the selected Host, and all user connection events.
The data logged in Level 2 is the port data being forwarded between the Host and the gateway (without the SDT SSH encryption). So if HTTP was used for control of a router/firewall and all the local and remote access was undertaken securely through the console server (i.e. the permitted service 80/tcp http - 2 was set when the firewall was set up as a Host), then the logged data could be analyzed to see any connections made to the firewall's management console, and which options had been reconfigured, when and by which user.
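The following is an added example, not code from the console server or its vendor: a small audit that reads a Host's permitted-service entries written in the `80/tcp http - 2` notation used above and reports what each logging level leaves on record. The host name, the sample entries and the assumption that entries are available as text lines in that notation are constructed for illustration.

```python
import re

# Notation taken from the page's example "80/tcp http - 2":
# <port>/<protocol> <service name> - <logging level>
ENTRY_RE = re.compile(r"^\s*(\d{1,5})/(tcp|udp)\s+(\S+)\s+-\s+([0-2])\s*$", re.I)

# Level -> (what is logged, what that means for an audit), per the levels above.
LEVELS = {
    0: ("no logging", "access leaves no audit trail"),
    1: ("user connection events", "connections are recorded, the data is not"),
    2: ("connection events plus all data transferred",
        "log holds the forwarded data without the SDT SSH encryption; "
        "restrict access to the log store"),
}

def parse_entry(line):
    """Parse one permitted-service entry; raise ValueError if malformed."""
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised entry: {line!r}")
    port = int(m.group(1))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {line!r}")
    return {"port": port, "proto": m.group(2).lower(),
            "service": m.group(3), "level": int(m.group(4))}

def audit(host, lines):
    """Return (findings, errors) for one Host's permitted services."""
    findings, errors = [], []
    for line in lines:
        try:
            e = parse_entry(line)
        except ValueError as exc:
            errors.append(str(exc))  # report bad entries instead of guessing
            continue
        tag = f"{host} {e['port']}/{e['proto']} {e['service']}"
        findings.append((tag, e["level"], *LEVELS[e["level"]]))
    return findings, errors

# Constructed sample input; the last entry is deliberately invalid (no Level 3).
SAMPLE = ["80/tcp http - 2", "23/tcp telnet - 0", "161/udp snmp - 1", "443/tcp https - 3"]

if __name__ == "__main__":
    findings, errors = audit("fw-mgmt (hypothetical)", SAMPLE)
    for tag, level, logged, note in findings:
        print(f"Level {level} {tag}: {logged}; {note}")
    for err in errors:
        print("SKIPPED", err)
```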
Before activating Serial or Network Port logging, you must specify where those logs are to be saved. At the Alerts & Logging: Port Log menu you can specify the remote storage server to be used, and server access details. With the IM4200 and IMG4000 gateways you can also store the logs on the USB flash.
In addition to the logs which are transmitted for remote/USB flash storage, a cache of the most recent 8K of logged data per serial port is maintained locally (which you can view by selecting Manage: Port Logs).