Thanks for your information. I've already seen Login History logs. They do not fullfill PCI/DSS requirements considering audit logs because studing them, You are not able to find out, who made specific changes in configuration of PowerConnect 3548 network switch. Btw, there are available at least two concurent administration sessions (different administrators logged in) which additionally complicates any investigation of configuration changes in the future.
Do you think that there are any possibilities for making feature request in audit logs area of PowerConnect 3548 firmware?
Again thanks for you answer. I configured snmp trap sending, mgmt station ip and tried to make new config changes or login with credentials which doesn't exists. No traps are sent.
Here is my snmp config on the switch:
SWX# show snmp
SNMP is enabled.
Community-String Community-Access View name IP address
Again thanks for your answer. I think that I don't need a MIB loaded into my management station, because this will be kind of SIEM system (log collector which is able to store SNMP traps). The most important thing is that the switch is not sending traps after configuration changes or unsuccessful logins. Do you think that I need to update firmware first, to enable the switch to send SNMP traps after configuration changes?
michalina
4 Posts
0
August 15th, 2012 04:00
Hello,
Thanks for your information. I've already seen Login History logs. They do not fullfill PCI/DSS requirements considering audit logs because studing them, You are not able to find out, who made specific changes in configuration of PowerConnect 3548 network switch. Btw, there are available at least two concurent administration sessions (different administrators logged in) which additionally complicates any investigation of configuration changes in the future.
Do you think that there are any possibilities for making feature request in audit logs area of PowerConnect 3548 firmware?
Best Regards,
Michal B.
michalina
4 Posts
0
August 17th, 2012 03:00
Hello,
Again thanks for you answer. I configured snmp trap sending, mgmt station ip and tried to make new config changes or login with credentials which doesn't exists. No traps are sent.
Here is my snmp config on the switch:
SWX# show snmp
SNMP is enabled.
Community-String Community-Access View name IP address
-------------------- ------------------ -------------- ------------
mycommunity read only Default 192.168.1.1
Community-String Group name IP address Type
------------------ ------------ ------------------- ------
Traps are enabled.
Authentication-failure trap is enabled.
Version 1,2 notifications
Target Address Type Community Version Udp Filter To Retries
Port name Sec
---------------- -------- ----------- ---------- ----- ------- ----- ---------
192.168.1.1 Trap mycommunity 1 162 15
Version 3 notifications
Target Address Type Username Security Udp Filter To Retries
Level Port name Sec
---------------- -------- ----------- -------- ----- ------- ----- ---------
System Contact:
System Location:
SWX#
switch firmware is:
SW version 2.0.0.40 ( date 06-Dec-2009 time 12:06:16 )
Boot version 2.0.0.00 ( date 03-Sep-2008 time 17:31:01 )
HW version 00.00.02
Best Regards,
Michal B.
michalina
4 Posts
0
August 20th, 2012 04:00
Hello,
Again thanks for your answer. I think that I don't need a MIB loaded into my management station, because this will be kind of SIEM system (log collector which is able to store SNMP traps). The most important thing is that the switch is not sending traps after configuration changes or unsuccessful logins. Do you think that I need to update firmware first, to enable the switch to send SNMP traps after configuration changes?
Best Regards,
Michal B.