Security Settings; Security Audit Logging Mode; Security Audit Onerror Action; Security Audit Server Address - Cisco TelePresence SX10 Quick Set Administrator's Manual

Security settings

Security Audit Logging Mode

Define where to record or transmit the audit logs. The audit logs are sent to a syslog server.
This setting has no effect if the Logging Mode setting is set to Off.
When using the External or ExternalSecure mode you must enter the address of the audit
server in the Security Audit Server Address setting.
Requires user role: AUDIT
Default value: Internal
Value space: External/ExternalSecure/Internal/Off
External: The device sends the audit logs to an external syslog server. The syslog server
must support UDP.
ExternalSecure: The device sends encrypted audit logs to an external syslog server that
is verified by a certificate in the Audit CA list. The Audit CA list file must be uploaded to
the device using the web interface. The common_name parameter of a certificate in the
CA list must match the IP address or DNS name of the syslog server, and the secure
TCP server must be set up to listen for secure (TLS) TCP Syslog messages.
Internal: The device records the audit logs to internal logs, and rotates logs when they
are full.
Off: No audit logging is performed.

Security Audit OnError Action

Define what happens when the connection to the syslog server is lost. This setting is only
relevant when Security Audit Logging Mode is set to ExternalSecure.
Requires user role: AUDIT
Default value: Ignore
Value space: Halt/Ignore
Halt: If a halt condition is detected the device is rebooted and only the auditor is allowed
to operate the unit until the halt condition has passed. When the halt condition has
passed the audit logs are re-spooled to the syslog server. Halt conditions are: A network
breach (no physical link), no syslog server running (or incorrect address or port to the
syslog server), TLS authentication failed (if in use), local backup (re-spooling) log full.
Ignore: The device will continue its normal operation, and rotate internal logs when full.
When the connection is restored it will again send its audit logs to the syslog server.
D15330.18 SX10 Administrator Guide CE9.12, APRIL 2020.

Security Audit Server Address

Set the IP address or DNS name of the syslog server that the audit logs are sent to.
This setting is only relevant when Security Audit Logging Mode is set to External or
ExternalSecure.
Requires user role: AUDIT
Default value: ""
Value space: String (0..255)
A valid IPv4 address, IPv6 address, or DNS name.

Security Audit Server Port

The audit logs are sent to a syslog server. Define the port of the syslog server that the
device shall send its audit logs to. This setting is only relevant when Security Audit Server
PortAssignment is set to Manual.
Requires user role: AUDIT
Default value: 514
Value space: Integer (0..65535)
Set the audit server port.
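
The dependencies between these settings can be checked mechanically before a configuration is rolled out. The following is an added example, not part of the Cisco guide: the "Setting Name: value" input layout, the helper names parse and lint, and the sample values are assumptions made for illustration.

```python
# Added example: checks Security Audit settings against the rules on this page.
# The "Setting Name: value" input layout is an assumption, not a device format.
P = "Security Audit "

def parse(text):
    """Turn 'Setting Name: value' lines into a dict, stripping quotes."""
    cfg = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            cfg[name.strip()] = value.strip().strip('"')
    return cfg

def lint(cfg):
    """Return findings for one device; missing keys use documented defaults."""
    mode = cfg.get(P + "Logging Mode", "Internal")
    onerror = cfg.get(P + "OnError Action", "Ignore")
    address = cfg.get(P + "Server Address", "")
    port = cfg.get(P + "Server Port", "514")
    if mode not in ("External", "ExternalSecure", "Internal", "Off"):
        return [f"unknown Logging Mode {mode!r}"]
    findings = []
    if mode == "Off":
        findings.append("audit logging is disabled")
    if mode in ("External", "ExternalSecure") and not address:
        findings.append(f"{mode} mode needs a Server Address")
    if len(address) > 255:
        findings.append("Server Address is longer than 255 characters")
    if mode == "External":
        findings.append("External uses UDP syslog; only ExternalSecure "
                        "encrypts and verifies the server certificate")
    if onerror not in ("Halt", "Ignore"):
        findings.append(f"unknown OnError Action {onerror!r}")
    elif onerror == "Halt" and mode != "ExternalSecure":
        findings.append("OnError Action Halt only applies in ExternalSecure")
    if not (port.isdigit() and int(port) <= 65535):
        findings.append(f"Server Port {port!r} is outside 0..65535")
    # PortAssignment is only judged when present; its default is not on this page.
    elif P + "Server Port" in cfg and cfg.get(
            P + "Server PortAssignment", "Manual") != "Manual":
        findings.append("Server Port is ignored unless PortAssignment is Manual")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = '''Security Audit Logging Mode: External
Security Audit OnError Action: Halt
Security Audit Server Address: ""
'''

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE)):
        print("-", finding)
```
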
www.cisco.com — Copyright © 2020 Cisco Systems, Inc. All rights reserved.