Reporting Management User Activities

The device can report, in Syslog messages, the operations (activities) that management users perform in the device's management interfaces (e.g., Web and CLI). These messages are identified by the string "Activity Log". Each logged user activity includes the following information:

Username (e.g., "Admin") of the user that performed the action
IP address of the client PC from which the Web user accessed the management interface
Protocol used for the session (e.g., SSH or HTTP)

The following example shows a Web-user activity log (indicating a login action) with the above-mentioned information:

14:07:46.300 : 10.15.7.95 : Local 0   :NOTICE  : [S=3149] [BID=3aad56:32]  Activity Log: WEB: Successful login at 10.15.7.95:80. User: Admin. Session: HTTP (10.13.22.54)

The device can report the following user activities:

Modifications of individual parameters, for example:
14:33:00.162 : 10.15.7.95 : Local 0   :NOTICE  : [S=3403] [BID=3aad56:32]  Activity Log: Max Login Attempts was changed from '3' to '2'. User: Admin. Session: HTTP (10.13.22.54)
Modifications of table fields, and addition and deletion of table rows, for example:
14:42:48.334 : 10.15.7.95 : NOTICE  : [S=3546] [BID=3aad56:32]  Activity Log: Classification - remove line 2. User: Admin. Session: HTTP (10.13.22.54)
Entered CLI commands (modifications of security-sensitive commands are logged without the entered value).
Configuration file load (reported without per-parameter notifications).
Auxiliary file load and software update.
Device reset and burn to flash memory.
Access to unauthorized Web pages according to the Web user's access level.
Modifications of "sensitive" parameters.
Log in and log out.
Actions not related to parameter changes (for example, file uploads, file deletion, lock-unlock maintenance actions, LDAP clear cache, register-unregister, and start-stop trunk). In the Web interface, these actions are typically done by clicking a button (e.g., the LOCK button).

For more information on each of the above listed options, see Syslog, CDR and Debug Parameters.
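On the Syslog server side, these messages can be parsed into fields and checked automatically. The following Python sketch is an added example, not vendor code: it parses the three sample messages shown above plus one constructed message, and flags parameter changes, cleartext (HTTP) sessions and clients outside an administration subnet. The subnet 10.13.22.0/24, the function names and the finding labels are assumptions made for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Header fields vary (the third sample has no "Local 0"), so only the time and
# device address are read from the header; the rest is anchored on "Activity Log:".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s*:\s*(?P<device>\S+)\s*:.*?"
    r"Activity Log:\s*(?P<action>.*?)\.\s*User:\s*(?P<user>.+?)\.\s*"
    r"Session:\s*(?P<proto>\S+)\s*\((?P<client>[^)]+)\)\s*$"
)
CHANGE_RE = re.compile(r"^(?P<param>.+?) was changed from '(?P<old>.*)' to '(?P<new>.*)'$")

MGMT_NET = ip_network("10.13.22.0/24")  # assumption: hypothetical admin subnet
CLEARTEXT = {"HTTP"}                    # session label seen in the samples


def parse_activity(line):
    """Return a dict of activity fields, or None for non-activity Syslog lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    change = CHANGE_RE.match(rec["action"])
    rec["change"] = change.groupdict() if change else None
    return rec


def findings(rec):
    """Defensive checks on one parsed record; returns a list of short labels."""
    out = []
    if rec["proto"].upper() in CLEARTEXT:
        out.append("cleartext-session")
    if ip_address(rec["client"]) not in MGMT_NET:
        out.append("client-outside-mgmt-net")
    if rec["change"]:
        out.append("parameter-change:" + rec["change"]["param"])
    return out


SAMPLES = [  # first three: log lines from this page; last one: constructed
    "14:07:46.300 : 10.15.7.95 : Local 0   :NOTICE  : [S=3149] [BID=3aad56:32]  Activity Log: WEB: Successful login at 10.15.7.95:80. User: Admin. Session: HTTP (10.13.22.54)",
    "14:33:00.162 : 10.15.7.95 : Local 0   :NOTICE  : [S=3403] [BID=3aad56:32]  Activity Log: Max Login Attempts was changed from '3' to '2'. User: Admin. Session: HTTP (10.13.22.54)",
    "14:42:48.334 : 10.15.7.95 : NOTICE  : [S=3546] [BID=3aad56:32]  Activity Log: Classification - remove line 2. User: Admin. Session: HTTP (10.13.22.54)",
    "14:50:00.000 : 10.15.7.95 : NOTICE  : [S=3600] [BID=3aad56:32]  Activity Log: Max Login Attempts was changed from '2' to '10'. User: Admin. Session: SSH (192.0.2.7)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_activity(line)
        print(rec["time"], rec["user"], rec["proto"], rec["client"], findings(rec))
```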

The following procedure describes how to configure management user activity logging through the Web interface. You can also configure it through ini file [ActivityListToLog] or CLI (configure troubleshoot > activity-log).

To configure reporting of management user activities:
1. Open the Logging Settings page (Troubleshoot tab > Troubleshoot menu > Logging folder > Logging Settings).
2. Under the Activity Types to Report group, select the actions to report to the Syslog server. To select (or deselect) all activity types, click the 'Select All' check box.

3. Click Apply.
You can also view logged user activities in the Web interface (see Viewing Web User Activity Logs).
Logging of CLI commands can only be configured through CLI or ini file.
You can configure the device to send an SNMP trap each time a user performs an action. For more information, see Enabling SNMP Traps for Web Activity.