Network Topology
None
Problem Description
Version EIA 7.3 E0632H07 can newly configure the syslog method to send authentication fail logs. Feedback indicates no authentication fail syslog messages were received.
Process Analysis
1. Search for syslog sending records in jserver logs. Keywords The uam system find authfail list for syslogjob or com.h3c.imc.acm.common.SysLogUtil. Relevant records can be found in the logs, which indicate that the logs were sent.
2. Implementation logic of this function: Send syslog for failed user authentication (Uauth). If this parameter is select yes, the system checks every hour whether there are newly added logs of failed user authentication (Uauth) within the last hour. For each new log found, a syslog of failed user authentication (Uauth) will be sent to the log server. If no new logs are found, nothing is sent.
Therefore, the syslog server can only receive syslogs at the top of the hour.
3. Customers can find the syslog information of failed user authentication (Uauth) at the top of the hour.
Solution
Learned about the log analysis methods for related functions and their function characteristics.
The corresponding syslog information can be found at the top of the hour.