Details

ArubaOS-Switch provides both locally stored event and security logs, as well as using the syslog protocol to forward events to a remote server for auditing purposes. Logged events can be filtered by severity level, originating system modules, or using regular expressions to match against message text.

Solution

The syslog client is capable of connecting to a server using UDP (default) or TCP protocols. Use the following command to configure the switch to forward all events with a severity of warning or higher to a syslog server located at 10.100.1.250 using the mgmt VRF:

switch(config)# logging 10.100.1.250 vrf mgmt severity warning

Supportive Information

The following resource is also helpful.

• https://support.hpe.com/hpesc/public/docDisplay?docId=a00053695en_us

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system ArubaOS.

References

• 800-53|AU-12c.

Source

• Tenable.com/audits