GE ML2400 Switch User Manual

6.3.2 Logs
All events occurring on the Managed MultiLink switch are logged. The events can be
informational (e.g. login, STP synchronization etc.), debugging logs (for debugging network
and other values), critical (critical events), activity (traffic activity) and fatal events (such as
unexpected behavior). The specific types of logs can be viewed and cleared. To view the
logs in the EnerVista Secure Web Management software, select the Configuration > Logs
menu item.
Note the different types of logs. Specific logs may be viewed by using the drop down menu
in the top right corner
As discussed in the previous section, any port can be set to monitor security as well as
make a log on the intrusions that take place. The logs for the intrusions are stored on the
switch. When the switch detects an intrusion on a port, it sets an “alert flag” for that port
and makes the intrusion information available.
The default log size is 50 rows. To change the log size, select the Configuration > Statistics
> Log Statistics menu item.
When the switch detects an intrusion attempt on a port, it records the date and time
stamp, the MAC address, the port on which the access was attempted and the action
taken by the MultiLink switches. The event log lists the most recently detected security
violation attempts. This provides a chronological entry of all intrusions attempted on a
specific port.
The event log records events as single-line entries listed in chronological order, and serves
as a tool for isolating problems. Each event log entry is composed of four fields
Severity - the level of severity (see below).
Date - date the event occurred on. See Date and Time on page 5–8 for information
on setting the date and time on the switch.
Time - time the event occurred on. See Date and Time on page 5–8 for information
on setting the date and time on the switch
Log Description - description of event as detected by the switch
Severity has one of the following values, and depending on the severity type, is assigned a
severity level.
I (information, severity level 1) indicates routine events.
A (activity, severity level 2) indicates the activity on the switch.
D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information
C (critical, severity level 4) indicates that a severe switch error has occurred.