Audit Information

Contents

1Introduction

2
Audit Log
2.1Syslog
2.2Description of Syslog Entries

3
Audit Trail
3.1Audit Trail in Syslog Example

1   Introduction

Audit information can be used to track access to files, directories, and resources of the system. It enables monitoring of the system for application misbehavior or code malfunctions.

2   Audit Log

The audit log record is forwarded to the syslog interface of the operating system. This provides a common audit trail that can be used for traceability of actions in the system.

2.1   Syslog

The syslog can be read from /var/log/messages, which in turn is a symbolic link to, for example, /var/log/SC-2-1/messages.

2.2   Description of Syslog Entries

The format of the syslog entries is as follows: <date> <time> <hostname> <program_name>: <message>

2.2.1   Ericsson Command-Line Interface Examples

The following Ericsson Command-Line Interface (ECLI) example commands result in the following entries in the syslog:

>ManagedElement=NODE06ST
(ManagedElement=NODE06ST)>configure
(config-ManageElement=NODE06ST)>siteLocation=SEKI2707353A
(config-ManageElement=NODE06ST)>commit
>exit
Feb  4 13:35:22 SC-1 com: interface=cli  user-name=root  session-id=3 ⇒
cmd-grp-name=ComBasicCommands CLI agent connection start.
Feb  4 13:36:12 SC-1 com: interface=cli  user-name=root  session-id=3 ⇒
Invoke setMo(): DN: ManagedElement=NODE06ST class: ManagedElement, ⇒
attribute: siteLocation, value: 'SEKI2707353A'
Feb  4 13:36:35 SC-1 com: interface=cli  user-name=root  session-id=3 ⇒
Transaction 82 Commit
Feb  4 13:38:09 SC-1 com: User name: root, Session Id: 3. Cli agent ⇒
connection end.

2.2.2   NETCONF Interface Example

The following Ericsson NETCONF Interface example commands result in the following entries in the syslog:

<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="1" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
   <edit-config>
      <target>
         <running/>
      </target>
     <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
      <ManagedElement>
         <managedElementId>1</managedElementId>
         <userLabel>Com</userLabel>
      </ManagedElement>
   </config>
   </edit-config>
</rpc>
]]>]]>
Feb 27 09:38:35 SC-2-1 com: interface=netconf  user-name=root  session-id=1  Batch setting attribute: DN: ManagedElement=1 attrName: userLabel, numAttrValue: 1, attrType: 9, attrValue: <userLabel>Com</userLabel>
Feb 27 09:38:35 SC-2-1 com: interface=netconf  user-name=root  session-id=1  Session terminating (transaction commit)

3   Audit Trail

The audit trail can, for example, be filtered out from the total syslog file by using keywords on the syslog entry, <message>.

3.1   Audit Trail in Syslog Example

<date> <time> <hostname> <program_name>: interface=cli ...
<date> <time> <hostname> <program_name>: interface=netconf ...
Legal | © Ericsson AB 2015, 2017