The logging of security events in the Sumlog enables security administrators to easily detect security violations and security relevant conditions. The Log Result field in the MCP Log header affords an opportunity to store additional “control information” with each log record. This control information, while not affecting the content of the log record, provides additional information about the relevance of the record.
You can use the LOGANALYZER RESULT option to filter analysis based on the assigned result:
|
RESULT option |
Description |
|---|---|
|
SUCCESS |
Successful actions that are not security relevant |
|
FAILURE |
Failed actions that are not related to security |
|
RELEVANT |
Successful actions that are security relevant |
|
VIOLATION |
Failed actions that are security relevant (security violations) |
For example
-
LOG UC. RESULT RELEVANT selects successful security relevant records
-
LOG UC. RESULT VIOLATION selects security violations
-
LOG UC. RESULT RELEVANT VIOLATION selects all security relevant records (successful or not)
For a list of security related networking commands, responses and reports, see Logging of Security-Related Events.
