Secure Access; Audit Trail Log Entries - Cisco 15454-DS1-14= - 1.544Mbps Expansion Module Reference Manual

9.3 Audit Trail

9.2.2.4 Secure Access

Secure access is based on SSH and SSL protocols. Secure access can be enabled for EMS (applicable to
CTC). When access is set to secure, CTC provides enhanced SFTP and SSH security when
communicating with the node.
For more information on how to enable EMS secure access, refer Cisco ONS 15454 Procedure Guide for
instructions.
9.3 Audit Trail
The Cisco ONS 15454 maintains a Telcordia GR-839-CORE-compliant audit trail log that resides on the
TCC2/TCC2P card. Audit trails are useful for maintaining security, recovering lost transactions, and
enforcing accountability. Accountability refers to tracing user activities; that is, associating a process or
action with a specific user. The audit trail log shows who has accessed the system and what operations
were performed during a given period of time. The log includes authorized Cisco support logins and
logouts using the operating system command line interface (CLI), CTC, and TL1; the log also includes FTP
actions, circuit creation/deletion, and user/system generated actions.
Event monitoring is also recorded in the audit log. An event is defined as the change in status of an
network element. External events, internal events, attribute changes, and software upload/download
activities are recorded in the audit trail.
To view the audit trail log, refer to the Cisco ONS 15454 Procedure Guide. You can access the audit trail
logs from any management interface (CTC, CTM, TL1).
The audit trail is stored in persistent memory and is not corrupted by processor switches, resets, or
upgrades. However, if you remove both TCC2/TCC2P cards, the audit trail log is lost.

9.3.1 Audit Trail Log Entries

Table 9-4
Table 9-4
Heading
Date
Num
User
P/F
Operation
Audit trail records capture the following activities:
•
•
•
•
•
Cisco ONS 15454 Reference Manual, R8.5
9-8
contains the columns listed in Audit Trail window.
Audit Trail Window Columns
Explanation
Date when the action occurred
Incrementing count of actions
User ID that initiated the action
Pass/Fail (whether or not the action was executed)
Action that was taken
User—Name of the user performing the action
Host—Host from where the activity is logged
Device ID—IP address of the device involved in the activity
Application—Name of the application involved in the activity
Task—Name of the task involved in the activity (view a dialog box, apply configuration, etc.)
Chapter 9 Security
78-18106-01