The Security Settings - Cisco TelePresence SX20 Quick Set Administrator's Manual

Cisco TelePresence SX20 Quick Set
AdministrAtor guide
Table of contents Introduction
The Security settings
Security Audit Server Address
Enter the external/global IP-address to the audit syslog server. IPv6 is not supported.
NOTE: Requires a restart of the system for any change to take effect.
Requires user role: AUDIT
Value space: <S: 0, 64>
Format: String with a maximum of 64 characters.
Example: Security Audit Server Address: ""
Security Audit Server Port
Enter the port of the syslog server that the system shall send its audit logs to. The default port is
514.
NOTE: Requires a restart of the system for any change to take effect.
Requires user role: AUDIT
Value space: <0..65535>
Range: Select a value from 0 to 65535.
Example: Security Audit Server Port: 514
Security Audit OnError Action
Describes what actions will be taken if connection to the syslog server is lost. This setting is only
relevant if Security Audit Logging Mode is set to ExternalSecure.
NOTE: Requires a restart of the system for any change to take effect.
Requires user role: AUDIT
Value space: <Halt/Ignore>
Halt: If a halt condition is detected the unit is rebooted and only the auditor is allowed to
operate the unit until the halt condition has passed. When the halt condition has passed
the audit logs are re-spooled to the external server. Halt conditions are: A network breach
(no physical link), no external syslog server running (or wrong server address or port), TLS
authentication failed (if in use), local backup (re-spooling) log full.
Ignore: The system will continue its normal operation, and rotate internal logs when full. When
connection is restored it will again send its audit logs to the syslog server.
Example: Security Audit OnError Action: Ignore
D14908.01 SX20 Administrator Guide (TC5.1) | 2012 FEBRUARY | © 2012 Cisco Systems, Inc. All rights reserved.
Web interface Advanced settings Advanced settings Appendices
Security Audit Logging Mode
Describes where the audit logs are recorded or transmitted.
NOTE: Requires a restart of the system for any change to take effect.
Requires user role: AUDIT
Value space: <Off/Internal/External/ExternalSecure>
Off: No audit logging is performed.
Internal: The system records the audit logs to internal logs, and rotates logs when they are
full.
External: The system sends the audit logs to an external audit syslog server. The external
server must support TCP.
ExternalSecure: The system sends encrypted audit logs to an external audit server that is
verified by a certificate in the Audit CA list. The Audit CA list file must be uploaded to the
codec using the web interface. The common_name parameter of a certificate in the CA list
must match the IP address of the syslog server.
Example: Security Audit Logging Mode: Off
Security Session ShowLastLogon
When logging in to the system using SSH or Telnet you will see the UserId, time and date of the
last session that did a successful login.
Requires user role: ADMIN
Value space: <Off/On>
On: Set to On to enable the possibility to show information about the last session.
Off: Set to Off to disable the possibility to show information about the last session.
Example: Security Session ShowLastLogon: Off
Security Session InactivityTimeout
Determines how long the system will accept inactivity from the user before he is automatically
logged out.
Requires user role: ADMIN
Value space: <0..10000>
Range: Select a value from 0 to 10000 seconds. 0 means that inactivity will not enforce
automatically logout.
Example: Security Session InactivityTimeout: 0
52
www.cisco.com