Fabric Interconnect Audit Logs

Overview

Fabric Interconnect Audit Logs utilize the Linux Audit Framework (auditd) to deliver comprehensive monitoring and tracking of user and system activities on Fabric Interconnects. This feature systematically captures and records audit events in log files, enhancing security and compliance by enabling administrators to review and analyze operational activities. Auditd-based audit logging is supported on Cisco UCS 6400, 6500, and 6600 Series Fabric Interconnects.


Note

This feature is currently not supported on X-Series Direct (UCSX-S9108-100G) Fabric Interconnects.

Configuring the Fabric Interconnect Audit Logs

You can configure the Fabric Interconnect Audit Logs to enable or disable audit logging and set the desired severity level for log entries.


Note

Before configuring Fabric Interconnect Audit Logs, ensure that Syslog is enabled in UCS Manager so logs can be collected and viewed. Also, ensure that the severity level for both Syslog and Fabric Interconnect Audit Logs is set to Information or Debugging to view the logs. If you plan to send logs to an external server, configure the remote Syslog server accordingly.

Procedure

Step 1

In the Navigation pane, click Admin.

Step 2

Expand All > Faults, Events, and Audit Log.

Step 3

In the work pane, click the Fabric Interconnect Audit Logs tab.

Step 4

In the Admin State field, select one of the following options:

  • Enabled: Activates the audit logging service on the Fabric Interconnects.

  • Disabled: Deactivates the audit logging service on the Fabric Interconnects. This is the default option.

Step 5

In the Severity drop-down list, select the severity level for the audit logs. The available options are:

  • Emergencies (most critical events)

  • Alerts

  • Critical (UCSM Critical)

  • Errors (UCSM Major)

  • Warnings (UCSM Minor)

  • Notifications (UCSM Warning)

  • Information

  • Debugging

Step 6

Click Save Changes to save the configuration.

Viewing and Managing Fabric Interconnect Audit Log Configuration

You can view and manage the configuration settings for Fabric Interconnect Audit Logs page.

Procedure

Step 1

In the Navigation pane, click Admin.

Step 2

Expand All > Faults, Events, and Audit Log.

Step 3

In the work pane, click the Fabric Interconnect Audit Logs tab.

Step 4

The Work pane displays the configuration settings for Fabric Interconnect Audit Logs. You can view and modify these settings as needed.

Note

 

  • The actual audit log entries are not displayed on this page; only configuration options for Fabric Interconnect Audit Logs are available.

  • If audit log entries are not visible, ensure that Syslog is enabled in UCS Manager. Audit logs are routed through Syslog, and their visibility depends on the configured severity levels. Set the severity level for both Fabric Interconnect Audit Logs and Syslog to Information or Debugging to display detailed log entries. Ensure the severity levels match for proper log visibility.

Disabling the Fabric Interconnect Audit Logs

You can unconfigure the Fabric Interconnect Audit Logs to disable the logging service and revert any customized settings to their default values.

Procedure

Step 1

In the Navigation pane, click Admin.

Step 2

Expand All > Faults, Events, and Audit Log.

Step 3

In the work pane, click the Fabric Interconnect Audit Logs tab.

Step 4

In the Admin State field, select Disabled to deactivate the fabric interconnect audit logging service.

Step 5

Click Save Changes to confirm the changes and unconfigure the audit logs.