The system log files are used to log system events in JUNOS and JUNOS-FIPS. Due to the sensitive nature of information used to configure and operate a system running JUNOS-FIPS, you should log certain events and examine the logs frequently.
The following is a recommended system log configuration for JUNOS-FIPS. More types of information can be logged, but these events are particularly important to the JUNOS-FIPS environment.
    [edit]
    system {
        syslog {
            file authlog {
                authorization info;
            }
            file messages {
                any notice;
            }
            file auditlog {
                authorization info;
                change-log any;
                interactive-commands any;
            }
        }
    }
This system log configuration logs all authorization events to the /var/log/authlog and /var/log/auditlog files. The audit log file also receives all interactive commands and configuration change events. All events of moderate severity are logged to the /var/log/messages file.
JUNOS-FIPS secrets are not logged. When secret information that would ordinarily be logged by the JUNOS software is encountered, the secret is replaced with the token /* SECRET-DATA */. For example, a secret string entered as part of a command line is not logged; the token is written in its place, as in the following two log entries:

    Feb 10 23:57:01 shmoo mgd[15558]: UI_CFG_AUDIT_SET_SECRET: User 'root' set: [system tacplus-server 172.17.12.120 secret]
    Feb 10 23:57:01 shmoo mgd[15558]: UI_CMDLINE_READ_LINE: User 'root', command 'set system tacplus-server frodo secret /* SECRET-DATA */ '
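The two entries above follow the usual Junos syslog layout (timestamp, host, process[pid], event tag, message). The script below is an added example, not part of the JUNOS documentation: it parses lines in that layout and flags any UI_CMDLINE_READ_LINE command that names a secret-bearing keyword without carrying the /* SECRET-DATA */ token, which is what a reviewer of /var/log/auditlog on a FIPS system would want to confirm never happens. The keyword list and the extra sample lines are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Junos syslog line: "Feb 10 23:57:01 shmoo mgd[15558]: UI_CFG_AUDIT_SET_SECRET: User 'root' set: [...]"
_LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<tag>[A-Z0-9_]+): (?P<msg>.*)$"
)
# The command text sits in single quotes at the end of a UI_CMDLINE_READ_LINE message.
_CMD_RE = re.compile(r"command '(?P<cmd>.*)'\s*$")
# Assumed (constructed) list of configuration keywords whose argument is a secret.
_SECRET_KEYWORDS = re.compile(r"\b(secret|password|pre-shared-key|authentication-key)\b")
REDACTION_TOKEN = "/* SECRET-DATA */"


def parse_junos_syslog(line: str) -> Optional[Dict[str, str]]:
    """Split one syslog line into its fields; None if it is not in Junos format."""
    m = _LINE_RE.match(line)
    return m.groupdict() if m else None


def unredacted_secret_commands(lines: List[str]) -> List[str]:
    """Return commands from UI_CMDLINE_READ_LINE events that contain a secret
    keyword but lack the SECRET-DATA token, i.e. a secret logged in clear text."""
    findings = []
    for line in lines:
        rec = parse_junos_syslog(line)
        if rec is None or rec["tag"] != "UI_CMDLINE_READ_LINE":
            continue
        cm = _CMD_RE.search(rec["msg"])
        if cm is None:
            continue
        cmd = cm.group("cmd").strip()
        if _SECRET_KEYWORDS.search(cmd) and REDACTION_TOKEN not in cmd:
            findings.append(cmd)
    return findings


# Constructed sample: the two lines from the page plus two made-up lines, the last
# of which shows a secret in clear text as a non-FIPS system might log it.
SAMPLE_AUDITLOG = [
    "Feb 10 23:57:01 shmoo mgd[15558]: UI_CFG_AUDIT_SET_SECRET: User 'root' set: [system tacplus-server 172.17.12.120 secret]",
    "Feb 10 23:57:01 shmoo mgd[15558]: UI_CMDLINE_READ_LINE: User 'root', command 'set system tacplus-server frodo secret /* SECRET-DATA */ '",
    "Feb 10 23:58:14 shmoo mgd[15558]: UI_CMDLINE_READ_LINE: User 'root', command 'set system login user ops class operator '",
    "Feb 10 23:58:30 shmoo mgd[15558]: UI_CMDLINE_READ_LINE: User 'root', command 'set system radius-server 10.0.0.5 secret example-cleartext '",
]

if __name__ == "__main__":
    for cmd in unredacted_secret_commands(SAMPLE_AUDITLOG):
        print("secret logged in clear:", cmd)
```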
For more information about system logging, see the JUNOS System Basics Configuration Guide.