Fabric Interconnect Audit Logs

Overview

Fabric Interconnect Audit Logs utilize the Linux Audit Framework (auditd) to deliver comprehensive monitoring and tracking of user and system activities on Fabric Interconnects. This feature systematically captures and records audit events in log files, enhancing security and compliance by enabling administrators to review and analyze operational activities. Auditd-based audit logging is supported on Cisco UCS 6400, 6500, and 6600 Series Fabric Interconnects.

Note

This feature is currently not supported on X-Series Direct (UCSX-S9108-100G) Fabric Interconnects.

Configuring Fabric Interconnect Audit Logs

You can configure the Fabric Interconnect Audit Logs to enable audit logging and set the desired severity level for log entries.

Note

Before configuring Fabric Interconnect Audit Logs, ensure that Syslog is enabled in UCS Manager so logs can be collected and viewed. Also, ensure that the severity level for both Syslog and Fabric Interconnect Audit Logs is set to Information or Debugging to view the logs. If you plan to send logs to an external server, configure the remote Syslog server accordingly.

Procedure

	Command or Action	Purpose
Step 1	UCS-FI-A# scope monitoring	Enters monitoring mode.
Step 2	UCS-FI-A /monitoring # scope fabric-interconnect-audit-logs	Enters the Fabric Interconnect Audit Logs scope.
Step 3	UCS-FI-A /monitoring/fabric-interconnect-audit-logs # enable	This command enables the Fabric Interconnect Audit Logs feature.
Step 4	UCS-FI-A /monitoring/fabric-interconnect-audit-logs* # set level debugging	This command sets the audit log level to `debugging`.
Step 5
Step 6	UCS-FI-A /monitoring/fabric-interconnect-audit-logs* # commit bufffer	This command applies the pending configuration changes.

Example

The following example shows how to configure the Fabric Interconnect Audit Logs:

UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs # enable
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs* # set level debugging
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs* # commit-buffer
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs # show

Fabric Interconnect Audit Logs:
    Admin State    Severity
    ---------------------------------------
    Enabled        Debugging

Viewing Fabric Interconnect Audit Logs

You can view the configuration and status of Fabric Interconnect Audit Logs using the UCS Manager CLI. This section describes how to access and display audit log settings for fabric interconnects.

Procedure

Command or Action

Purpose

Step 1

UCS-FI-A# scope monitoring

Enters monitoring mode.

Step 2

UCS-FI-A /monitoring # scope fabric-interconnect-audit-logs

Enters the Fabric Interconnect Audit Logs scope.

Step 3

UCS-FI-A /monitoring/fabric-interconnect-audit-logs # show

This command displays the current configuration and severity level.

Note

If you have configured Fabric Interconnect Audit Logs but do not see any entries in the logs, verify that Syslog is enabled in UCS Manager, as audit logs are routed through Syslog. Also, ensure that the severity levels for both Fabric Interconnect Audit Logs and Syslog match and are set to Information or Debugging to display detailed logs.

Example

The following example shows how to view the configuration of Fabric Interconnect Audit Logs:

UCSM-HH-22-106-A # scope monitoring
UCSM-HH-22-106-A /monitoring # scope fabric-interconnect-audit-logs
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs # show

Fabric Interconnect Audit Logs:
Admin State    Severity 
-------------------------------------------
Enabled        Debugging
UCSM-DEV-HH-22-106-A /monitoring/fabric-interconnect-audit-logs #

Disabling Fabric Interconnect Audit Logs

Procedure

	Command or Action	Purpose
Step 1	UCS-FI-A# scope monitoring	Enters monitoring mode.
Step 2	UCS-FI-A /monitoring # scope fabric-interconnect-audit-logs	Enters the Fabric Interconnect Audit Logs scope.
Step 3	UCS-FI-A /monitoring/fabric-interconnect-audit-logs # disable	This command disables the Fabric Interconnect Audit Logs feature.
Step 4	UCS-FI-A /monitoring/fabric-interconnect-audit-logs* # commit bufffer	This command applies the configuration changes.

Example

The following example demonstrates the disabled the fabric interconnect audit logs:

UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs # disable
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs* # commit-buffer
UCSM-HH-22-106-A /monitoring/fabric-interconnect-audit-logs # show

Fabric Interconnect Audit Logs:
    Admin State     Severity
    ---------------------------------------
    Disabled        Debugging

Cisco UCS Manager System Monitoring Guide Using the CLI, Release 6.0

Bias-Free Language

Book Title

Cisco UCS Manager System Monitoring Guide Using the CLI, Release 6.0

Chapter Title