Operation Logs

Operation logs record administrators' login, logout, and operations on the device. By analyzing operation logs, you can identify security vulnerabilities.

Context

The FW deployed between an intranet and the Internet generates operation logs when an administrator operates on the FW.

For USG6000E, before querying operation logs, ensure that you have run the log type syslog enable command on the FW to enable the recording of operation logs.

Procedure

  1. Choose Monitor > Logs > Operation Logs to view operation logs.
  2. Optional: Click Export to export operation logs in CSV format to the management PC.
  3. Click Add Filter and select search conditions to filter logs.

    If the device has no disk, click Advanced Search to filter logs.

  4. Optional: You can click to save the current log query conditions as a log query template for future use.

    The next time you want to use these query conditions, you only need to click to select the template name and click OK. Then the system queries logs based on the template conditions. The device administrator can click Template Distribution to view the number of templates created by each user. In addition, you can click to delete a log query template.

    Only the user that creates a log query template can view or use this template.

    Each log page supports a maximum of 10 log query templates, and a device supports a maximum of 1000 log query templates.

Log Sample

The following figure shows the operation logs generated within a specific time range:

The following table lists the fields in an operation log.

| Field | Description |
|---|---|
| Time | Time when an operation log is generated |
| Administrator | Administrator that operates on the FW. For details on administrators, see Administrator Overview. |
| Login IP Address | IP address used by an administrator to log in |
| Content | Operation performed by an administrator after login |
| Virtual System | Virtual system that generates the operation log |

Operation logs record administrators' login IP addresses, login modes, and the actions they take on the device. By analyzing operation logs, you can identify risks. If a logged-in administrator performs an incorrect operation on the FW, you can blacklist the IP address of that administrator.

Table 1 Operation log field settings

| Field | Setting |
|---|---|
| Login IP Address | Click the Login IP Address field value of a specific operation log. Add Blacklist Entry is displayed. The parameters in Add Blacklist Entry are as follows: |

  • Type: The login IP address is automatically blacklisted.
  • Source IP: The login IP address is automatically blacklisted.
  • Protocol: The protocol type is automatically blacklisted.
  • Source Port: The source port is automatically blacklisted.
  • Timeout: You can use either of the following methods to set a timeout period for a blacklist entry:

    • Select Unlimited to permanently blacklist the login IP address.
    • Enter a timeout period.
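
The following added example (not part of the original Huawei documentation) shows one way to review an exported operation log offline: it groups operations by Login IP Address and reports those that did not come from an expected management subnet, which are the entries to inspect before deciding on a blacklist entry. The column names follow the field table above; the CSV header layout, time format, Content text, and the management subnet are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: management stations live in this subnet (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.1.1.0/24")]

# Constructed sample of an exported CSV. Column names follow the field table
# above; header layout, time format and Content text are assumptions.
SAMPLE_CSV = """Time,Administrator,Login IP Address,Content,Virtual System
2024-05-06 09:12:03,admin,10.1.1.20,Login succeeded.,public
2024-05-06 09:14:41,admin,10.1.1.20,Modified security policy rule1.,public
2024-05-06 23:47:10,audit01,192.0.2.77,Login succeeded.,public
2024-05-06 23:49:55,audit01,192.0.2.77,Deleted security policy rule7.,public
2024-05-07 08:01:30,admin,not-an-ip,Login succeeded.,public
"""

def review_operation_logs(csv_text, mgmt_nets=MGMT_NETS):
    """Return operations whose login IP is outside mgmt_nets.

    Result: {login_ip: [(time, administrator, virtual_system, content), ...]}.
    Rows whose address does not parse are kept under the raw value so that a
    malformed entry is reviewed rather than silently dropped.
    """
    findings = defaultdict(list)
    # Strip a leading byte-order mark in case the export carries one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        raw_ip = (row.get("Login IP Address") or "").strip()
        try:
            addr = ipaddress.ip_address(raw_ip)
            if any(addr in net for net in mgmt_nets):
                continue  # expected management source, nothing to report
        except ValueError:
            pass  # unparseable address: fall through and report it
        findings[raw_ip].append((row.get("Time"), row.get("Administrator"),
                                 row.get("Virtual System"), row.get("Content")))
    return dict(findings)

if __name__ == "__main__":
    for ip, ops in review_operation_logs(SAMPLE_CSV).items():
        print(f"{ip}: {len(ops)} operation(s) from outside the management range")
        for time, admin, vsys, content in ops:
            print(f"  {time}  {admin}@{vsys}  {content}")
```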
Copyright © Huawei Technologies Co., Ltd.