  • 1.  Procurve Audit Logging

    Posted Mar 26, 2013 04:03 PM

    I have a number of 2910al switches on which I need to configure logging for auditing, e.g. I need to send all of the CLI commands and changes to a syslog server. How do I accomplish this?

     

    Thank you



  • 2.  RE: Procurve Audit Logging

    Posted Mar 26, 2013 06:27 PM

    Did you try the command "logging <server IP>"?

     

    So if your syslog server is at 10.0.0.5 then you would do this:

     

    switch#configure terminal

    switch(config)#logging 10.0.0.5

     

    Change the severity also depending on your needs

     

    switch(config)#logging severity <major/error/warning/info/debug>



  • 3.  RE: Procurve Audit Logging

    Posted Mar 27, 2013 05:13 AM
    Yes. But that does not include CLI commands


  • 4.  RE: Procurve Audit Logging

    Posted Mar 29, 2013 08:40 AM

    You might want to look into command authorization through radius (aaa authorization commands radius). Even if you configure the radius-server to always allow any command, it leaves you with very good logging of the commands entered.

    In my view this is even more reliable than using syslog, because you could configure your devices to become unmanageable when radius is unavailable. In that case, just don't let your radius-server allow commands that change radius-config... When relying on syslog, I could stop the logging and do whatever I want on the switch without you knowing what I did.

     

    Indeed, I like to think worst-case...

    It obviously depends on what kind of auditing you are trying to accomplish. But as you have noticed, commands don't get logged to syslog on most ProCurve-gear...



  • 5.  RE: Procurve Audit Logging

    Posted Apr 01, 2013 04:13 PM

    Hi,

     

    I'll try that!



  • 6.  RE: Procurve Audit Logging

    Posted May 24, 2013 07:35 AM

    Hi again,

     

    I have implemented the "aaa authorization commands radius" using NPS. However, the commands are not written to any logs. I could imagine that the procurve switch reads the authorized commands from the Radius server and only allows those commands to be executed.

     

     

    Will a TACACS server help?

     



  • 7.  RE: Procurve Audit Logging

    Posted May 29, 2013 06:08 AM
    Hello Fleischen,

    I'm not aware of "aaa authorization commands radius" logging anything anywhere. Its purpose is to limit the amount of commands that a user can use on the switch.

    See for example http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/commands-authorization-RADIUS-Server/td-p/4574706#.UaXQKZxRjn4

    The feature you are looking for does not exist (yet) on the W.xx Provision software branch, as far as I know.

    It was specifically requested as an Enhancement for the K-branch software by an enterprise customer, and was implemented in a special build just for this purpose, K.15.06.1002 - which you can find on the website for download: https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=J9539A

    Enhancement (PR_0000069196) - Log All Config Changes

    If you need this feature on the 2910al, the only way to have it implemented is to open an Enhancement Request via your HP Sales or Account Management contact.

    Hope that helps.


  • 8.  RE: Procurve Audit Logging

    Posted Jun 07, 2013 03:20 AM

    Do you have to use just that software image, or is it implemented in newer releases?

    We are today running K.15.09.0012.



  • 9.  RE: Procurve Audit Logging

    Posted Jun 07, 2013 04:11 AM

    Hi,

     

    This is a doc I made in the past to describe the NPS+radius login for the procurve switches.

    Not sure if it works the same way on the 29xx however ...

     

    Best regards, Peter

     



  • 10.  RE: Procurve Audit Logging

    Posted Jun 07, 2013 07:26 AM

    Hi Peter,

     

    Many thanks for the well written documentation of the setup!!!

     

    /Marcus