Log Management for ZTE Core Nodes


  • 7/24/2019 Log Management for ZTE Core Nodes


    Chapter 3

    Log Management

    As an important part of security management, log management supports querying multiple types of logs. With this function, maintenance engineers can query user operation information and the status of logged-in users.

    Logs are classified into operation logs, security logs and system logs.

    • Operation logs
      Record user operation information, including operation log ID, operator, operation function, operation level, operation module, IP address, operation details, operation result, operation failure cause, access mode, start time, end time, and command code.

    • Security logs
      Record user login information, including security log ID, operator, IP address, security operation, operation time, access mode, and operation details.

    • System logs
      Record the completion status of timed tasks on the server, including log ID, level, source, log name, details, host address, start time, end time, and related log.

    If a query returns no more than 512 records, the result is displayed directly. If it returns more than 512 records, all records are output to a file and the file path is provided; you can open the file to view the result. If the number of records exceeds 10,000, a maximum of 10,000 records are output and the remaining records are discarded.
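
    Because records beyond 10,000 are discarded, a broad query run for an audit or investigation can return an incomplete result. The following added example (not part of the original guide) plans narrower time windows so that no single query reaches the limit; `run_query`, `min_span` and the sample timestamps are assumptions made for illustration.

```python
from bisect import bisect_left
from datetime import datetime, timedelta

DISPLAY_LIMIT = 512     # up to this many records are displayed directly
EXPORT_LIMIT = 10_000   # at most this many records are output; the rest are discarded

def plan_windows(start, end, run_query, min_span=timedelta(seconds=1)):
    """Split [start, end) until every query returns fewer than EXPORT_LIMIT records.

    run_query(lo, hi) is a hypothetical callback returning how many records the
    query for that window returned. A return of exactly EXPORT_LIMIT is treated
    as possibly truncated, because discarded records leave no trace in the output.
    """
    windows, stack = [], [(start, end)]
    while stack:
        lo, hi = stack.pop()
        n = run_query(lo, hi)
        if n < EXPORT_LIMIT:
            mode = "display" if n <= DISPLAY_LIMIT else "file"
            windows.append((lo, hi, n, mode))
        elif hi - lo <= min_span:
            windows.append((lo, hi, n, "truncated"))  # cannot narrow further
        else:
            mid = lo + (hi - lo) / 2
            stack.append((mid, hi))   # later half is processed second
            stack.append((lo, mid))   # earlier half is processed first
    return windows

# Constructed sample data: 25,000 log timestamps, one every 3 seconds.
DAY_START = datetime(2012, 10, 31)
SAMPLE = [DAY_START + timedelta(seconds=3 * i) for i in range(25_000)]

def simulated_query(lo, hi):
    """Stand-in for the real log query: counts records in [lo, hi), capped at the limit."""
    return min(bisect_left(SAMPLE, hi) - bisect_left(SAMPLE, lo), EXPORT_LIMIT)

def demo():
    return plan_windows(DAY_START, DAY_START + timedelta(days=1), simulated_query)

if __name__ == "__main__":
    for lo, hi, n, mode in demo():
        print(f"{lo:%H:%M:%S} - {hi:%H:%M:%S}  {n:>5} records  ({mode})")
```

    Windows reported as "truncated" could not be narrowed below `min_span` and should be treated as incomplete.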

    Table of Contents

    Querying Operation Logs
    Querying Security Logs
    Querying System Logs

    3.1 Querying Operation Logs

    By querying operation logs, you can view the operators logging in to the OMM server, together with the operation log ID, operator, operation function, operation level, operation module, IP address, operation details, operation result, operation failure cause, access mode, start time, end time, and command code.


    SJ-20120730093520-013|2012-10-31(R1.0) ZTE Proprietary and Confidential


    ZXUN iCX(MSCS) General Operation Guide

    Steps

    1. In the command box of the Terminal window, enter the SHOW CMDLOG command, and select the More... check box. The SHOW CMDLOG configuration area is displayed, see Figure 3-1.

    Figure 3-1 SHOW CMDLOG Configuration Area

    2. Enter the command parameters as needed. For the parameter description, refer to

    Table 3-1.

    Table 3-1 SHOW CMDLOG Parameter Description

    Parameter | Description | Setting
    User Name | Name of the user. If no name is entered, the system queries operation logs of all users. | Enter the name of the user whose operation logs are to be queried.
    Level | Level of the operation. | Options: Very Important, Important, Notice, Normal.
    Module | Module to which the operation belongs. | Options: Fault Management, Performance Management, Log Management, Security Management, Configuration Management, Trace Management, Backup and Restore, CMM Configuration Management, Other Management, Patrol Management, Version Management, Patch Management, Diagnostic Test, and NTP Management.
    IP Address | IP address of the operation. | Enter the IP address of the operation to be queried. If this parameter is not set, the system queries all IP addresses.
    Result | Result of the operation. | Options: Success and Failure. If this parameter is left blank, the system queries all operation results.
    Mode | Mode of accessing the system. | Including: OMM Client, SSH Client, EMS Client, NDF Client, and TELNET Client.
    Detail | Details of an operation. | Detailed information of an operation, for example, a complete MML command.
    Start Time | Start time of the operation log to be queried. | -
    End Time | End time of the operation log to be queried. | The end time must be later than the start time.
    MML Code | Code of the operation. | -

    3. Click to query the operation logs.

    Example: If you query all operation logs, Figure 3-2 shows the execution result.

    Figure 3-2 Result of Querying Operation Logs

    - End of Steps -

    3.2 Querying Security Logs

    By querying security logs, you can view information about user logins, including security log ID, operator, IP address, security operation, operation time, access mode, and operation details.

    Steps

    1. In the command box of the Terminal window, enter the SHOW SCRTLOG command and select the More... check box. The SHOW SCRTLOG configuration area is displayed, see Figure 3-3.


    Figure 3-3 SHOW SCRTLOG Configuration Area

    2. Enter the command parameters as needed. For the parameter description, refer to

    Table 3-2.

    Table 3-2 SHOW SCRTLOG Parameter Description

    Parameter | Description | Setting
    User Name | Name of the user whose security logs you want to query. | Enter the name of the user whose security logs you want to query (security logs of all users are searched if you leave this text box blank).
    IP Address | IP address of the user whose security logs you want to query. | Select the IP address of the user whose security logs are to be queried. If this parameter is not set, the system queries all IP addresses.
    Security Operation | Security operation in the system. | Options: Login Successfully, Login Failed, Logout and Security Event. If this parameter is not set, the system queries all security operations.
    Mode | Mode of accessing the system. | Options: OMM Client, TELNET Client, SSH Client, NDF Client and EMS Client. If no mode is selected, the system queries all access modes.
    Detail | Detailed user operation information. | Enter the detailed user operation information of a user operation, such as a complete MML command.
    Start Time | Start time of the security logs. | Click the Start Time text box, and set the start time in the displayed calendar control.
    End Time | End time of the security logs. | Click the End Time text box, and set the end time in the displayed calendar control. The end time must be later than the start time.

    3. Click to query the security logs.

    Example: If you query all security logs, Figure 3-4 shows the execution result.

    Figure 3-4 Result of Querying Security Logs

    - End of Steps -

    3.3 Querying System Logs

    By querying system logs, you can view their information, including level, function name, log name, details, start time and end time.

    Steps

    1. In the command box of the Terminal window, enter the SHOW SYSLOG command, and select the More... check box. The SHOW SYSLOG configuration area is displayed, see Figure 3-5.


    Figure 3-5 SHOW SYSLOG Configuration Area

    2. Enter the command parameters as needed. For the parameter description, refer to

    Table 3-3.

    Table 3-3 SHOW SYSLOG Parameter Description

    Parameter | Description | Setting
    Level | Level of the system log to be queried. | Optional, options: Emergency, Alert, Error, Warning, Notice, and Information.
    Function Name | Function name of the system log to be queried. | Optional, for example Patrol_Management.
    Log Name | Name of the system log to be queried. | Optional.
    Detail | Detailed information of the system log to be queried. | Optional. The entered information supports the fuzzy match.
    Start Time | Start time of the system log to be queried. | Click the Start Time text box, and set the start time in the displayed calendar control.
    End Time | End time of the system log to be queried. | Click the End Time text box, and set the end time in the displayed calendar control.

    3. Click to query the system logs.

    Example: If you query all system logs, Figure 3-6 shows the execution result.


    Figure 3-6 Result of Querying System Logs

    - End of Steps -
