Veritas Access Appliance 8.4 Initial Configuration Guide
Auditing the SDCS logs on an Access Appliance
There are several ways to audit the SDCS logs on a Veritas Access Appliance node.
To do a basic SDCS log search
- Log on to the Access Appliance shell menu.
- Enter the following command:
show sdcs-audit search
SDCS events have three main attributes:
Date
Severity
Event type
You can filter the SDCS logs by each individual attribute.
To filter SDCS log entries by date:
- Log on to the Access Appliance shell menu.
- (Optional) Enter the following command to view all of the events that occurred on a specific day:
show sdcs-audit view search to-date=date
where date is the day in the mm/dd/yyyy[-hh:mm:ss] format.
- (Optional) Enter the following command to view all of the events that occurred during a specific period of time:
show sdcs-audit search to-date=todate from-date=fromdate
where todate is the end date and fromdate is the start date.
For example: show sdcs-audit search to-date=08/31/2021 from-date=08/21/2021
To filter SDCS log events by severity
- Log on to the Access Appliance shell menu.
- Enter the show sdcs-audit search severity=severitycode command.
where severitycode is the one-letter code of the severity type that you want to filter by.
See About SDCS event type codes and severity codes on an Access appliance node.
To filter SDCS log entries by type
- Log on to the Access Appliance shell menu.
- Enter the show sdcs-audit search event-type=eventtype command.
where eventtype is the four-letter code of the event type that you want to filter by.
See About SDCS event type codes and severity codes on an Access appliance node.
You can filter the security logs based on multiple attributes.
To search based on multiple attributes
- Log on to the Access Appliance shell menu.
- Enter the show sdcs-audit search event-id=eventid event-type=eventtype from-date=fromdate to-date=todate severity=severitycode search-string=text command.
where
eventid is the audit log event ID
eventtype is the four-letter code of the event type that you want to filter by. Enter ALL if you want to include all event type codes in your filter.
fromdate is the start date.
todate is the end date.
severitycode is the one-letter code of the severity type that you want to filter by. Enter ALL if you want to include all severity codes in your filter.
text is the search term.
For example:
show sdcs-audit search event-type=MSTA severity=I to-date=08/31/2021 from-date=08/21/2021 search-string=retranslation
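The multi-attribute search above, as an added example (not Veritas code): a Python helper that validates each filter value against the formats this page states and composes the command line to paste into the shell menu, so a recurring audit query is not rejected or silently mis-scoped by a malformed date or code. Assumptions: codes consist of capital letters, the event ID is numeric, and the search term is a single token without whitespace; the function names are hypothetical.

```python
import re
from datetime import datetime

DATE_RE = re.compile(r"[0-9]{2}/[0-9]{2}/[0-9]{4}(-[0-9]{2}:[0-9]{2}:[0-9]{2})?")

def parse_sdcs_date(value):
    """Parse mm/dd/yyyy[-hh:mm:ss]; reject wrong layouts and impossible dates."""
    if not DATE_RE.fullmatch(value):
        raise ValueError(f"not mm/dd/yyyy[-hh:mm:ss]: {value!r}")
    fmt = "%m/%d/%Y-%H:%M:%S" if "-" in value else "%m/%d/%Y"
    return datetime.strptime(value, fmt)  # ValueError for e.g. 02/30/2021

def _code(name, value, length):
    """Accept ALL or a code of `length` capital letters (letters-only is assumed)."""
    if value != "ALL" and not re.fullmatch(rf"[A-Z]{{{length}}}", value):
        raise ValueError(f"{name} must be ALL or a {length}-letter code: {value!r}")
    return f"{name}={value}"

def build_sdcs_search(event_id=None, event_type=None, from_date=None,
                      to_date=None, severity=None, search_string=None):
    """Return a 'show sdcs-audit search ...' line built from validated filters."""
    args = []
    if event_id is not None:
        if not re.fullmatch(r"[0-9]+", str(event_id)):  # numeric ID is assumed
            raise ValueError(f"event-id must be numeric: {event_id!r}")
        args.append(f"event-id={event_id}")
    if event_type is not None:
        args.append(_code("event-type", event_type, 4))
    if from_date is not None and to_date is not None:
        if parse_sdcs_date(from_date) > parse_sdcs_date(to_date):
            raise ValueError("from-date is later than to-date")
    for name, value in (("from-date", from_date), ("to-date", to_date)):
        if value is not None:
            parse_sdcs_date(value)
            args.append(f"{name}={value}")
    if severity is not None:
        args.append(_code("severity", severity, 1))
    if search_string is not None:
        # Single token only: quoting rules for the shell menu are not documented here.
        if not search_string or re.search(r"\s", search_string):
            raise ValueError("search-string must be one token without whitespace")
        args.append(f"search-string={search_string}")
    return " ".join(["show sdcs-audit search"] + args)

if __name__ == "__main__":
    # Constructed input mirroring the guide's own example values.
    print(build_sdcs_search(event_type="MSTA", severity="I",
                            from_date="08/21/2021", to_date="08/31/2021",
                            search_string="retranslation"))
```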
You can use the Audit View EventID command to get more information about a specific SDCS event that is listed in a search or filter.
To get more details about a specific SDCS event
- Log on to the Access Appliance shell menu.
- Enter the show sdcs-audit search event-id=eventid command.
where eventid is the ID number of an event that was listed in your filter or search.