Logging Changes to Secret Data
The following are examples of audit logs of events that change the secret data.
Load Merge
When a load merge command is issued to merge the contents of the example Common Criteria configuration with the contents of the original configuration, the following audit logs are created concerning the secret data:
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin authentication encrypted-password]
Jul 24 17:43:28 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin2 authentication encrypted-password]
Load Replace
When a load replace command is issued to replace the contents of the example Common Criteria configuration with the contents of the original configuration, the following audit logs are created concerning the secret data:
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system radius-server 1.2.3.4 secret]
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system login user admin authentication encrypted-password]
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system login user admin authentication encrypted-password]
Load Override
When a load override command is issued to override the contents of the example Common Criteria configuration with the contents of the original configuration, the following audit logs are created concerning the secret data:
Jul 25 14:25:51 router1 mgd[4153]: UI_LOAD_EVENT: User 'admin' is performing a 'load override'
Jul 25 14:25:51 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' override: CC_config2.txt
Jul 25 14:25:51 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
Jul 25 14:25:51 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin authentication encrypted-password]
Jul 25 14:25:51 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin authentication encrypted-password]
Load Update
When a load update command is issued to update the contents of the example Common Criteria configuration with the contents of the original configuration, the following audit logs are created concerning the secret data:
Jul 25 14:31:03 router1 mgd[4153]: UI_LOAD_EVENT: User 'admin' is performing a 'load update'
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' update: CC_config2.txt
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' deactivate: [system radius-server 1.2.3.4 secret] ""
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user admin authentication encrypted-password]
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' deactivate: [system login user admin authentication encrypted-password] ""
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system login user test authentication encrypted-password]
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' deactivate: [system login user test authentication encrypted-password] ""
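Example (added here, not part of the vendor documentation): a Python filter that extracts every secret-related change from audit lines in the format shown above. It also catches the deactivate events, which the load update sample logs under UI_CFG_AUDIT_OTHER rather than UI_CFG_AUDIT_SET_SECRET. The function name, the list of secret keywords, and the pairing of changes with the preceding UI_LOAD_EVENT are assumptions made for this example.

```python
import re

# Sample lines copied from the load update and load replace logs on this page.
SAMPLE = """\
Jul 25 14:31:03 router1 mgd[4153]: UI_LOAD_EVENT: User 'admin' is performing a 'load update'
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' update: CC_config2.txt
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_SET_SECRET: User 'admin' set: [system radius-server 1.2.3.4 secret]
Jul 25 14:31:03 router1 mgd[4153]: UI_CFG_AUDIT_OTHER: User 'admin' deactivate: [system radius-server 1.2.3.4 secret] ""
Jul 24 18:29:09 router1 mgd[4163]: UI_CFG_AUDIT_SET_SECRET: User 'admin' replace: [system login user admin authentication encrypted-password]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) mgd\[(?P<pid>\d+)\]: "
    r"(?P<tag>UI_\w+): User '(?P<user>[^']*)' (?P<rest>.*)$")
PATH_RE = re.compile(r"^(?P<action>[a-z]+): \[(?P<path>[^\]]*)\]")
LOAD_RE = re.compile(r"^is performing a '(?P<op>load \w+)'")
# Assumption: these final keywords mark secret statements (the two seen on this page).
SECRET_LEAVES = ("secret", "encrypted-password")


def secret_events(text):
    """Return one dict per audit line that touches a secret statement."""
    events, load_op = [], {}  # load_op: last 'load ...' seen per (host, mgd pid)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["host"], m["pid"])
        load = LOAD_RE.match(m["rest"])
        if load:
            load_op[key] = load["op"]  # heuristic: later changes inherit this op
            continue
        p = PATH_RE.match(m["rest"])
        if not p:
            continue  # e.g. "update: CC_config2.txt" names a file, not a statement
        leaf = (p["path"].split() or [""])[-1]
        if m["tag"] == "UI_CFG_AUDIT_SET_SECRET" or leaf in SECRET_LEAVES:
            events.append({"ts": m["ts"], "host": m["host"], "user": m["user"],
                           "tag": m["tag"], "action": p["action"],
                           "path": p["path"], "load": load_op.get(key)})
    return events


if __name__ == "__main__":
    for e in secret_events(SAMPLE):
        print(e["ts"], e["user"], e["action"], e["path"], "via", e["load"])
```

Filtering on the UI_CFG_AUDIT_SET_SECRET tag alone would drop the deactivate line in the sample, so the path check is what keeps it in the result.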