Security audit covers identifying, recording, storing, and analyzing information related to security behaviors. The security audit result is used to determine which security behaviors are performed and which users are responsible for these behaviors. The information required for audit must be stored in independent logs, and independent security channels must be allocated to ensure that these logs are not tampered with, deleted, or deciphered. The security level of security logs for audit must be higher than that of common logs. Even if the system is attacked, security logs are not tampered with. Security logs are used to analyze and trace attacks on devices.
Security logs include system boot verification logs, account login logs (such as AAA logs), account management logs, network security event logs, and operation logs and certificate key management logs.
If the device is attacked or the system has security risks, run the display logfile cfcard:/logfile/security/security.log command in the system view to check logs based on log IDs. You can check the timeline and determine whether unauthorized access occurs during system running.
Run the display logfile cfcard:/logfile/security/security.log command to view detailed security log information, including the log time, event type, event content, and event trigger conditions.
<HUAWEI> display logfile cfcard:/logfile/security/security.log ############################################################################### # This logfile is generated at slot 1 # Digest(0000029124):aea3e0df5dd7b86e5db512c1f67d950299e1f88e3b605526ddc3bcc2c50acac4 ############################################################################### Jun 11 2019 07:41:21 HUAWEI %%01OPS/5/OPS_LOGIN(s):CID=0x80b40431;Succeeded in establishing the OPS connection.(ServiceType=embedding-script, UserName=_SYSTEM_, Ip=0.0.0.0, VpnName=_public_)