Monitor Audit Log Events to Find Unauthorized Changes

Periodically examine the Oracle ILOM Audit log for unauthorized changes. Each audit log entry notes the user and time stamp associated with the event. Audit log events are useful for this review because they include the user name, the command, the command parameters, and whether the configuration change succeeded or failed.

To view events in the Audit log from the web interface, see the instructions in View Audit Log, below. For CLI instructions or other details about the Audit log, including filtering log entries, see Managing Oracle ILOM Log Entries in Oracle ILOM User's Guide for System Monitoring and Diagnostics Firmware Release 5.1.x.

View Audit Log

Oracle ILOM log entries for a host server are viewable from the server SP web interface.

  1. In the web interface, click ILOM Administration, then Logs, and then the Audit tab.
  2. From the Filter list box, select a standard or custom filter.
  3. Click the “More Details” link on the log page for additional information about filtering log entries.
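
The periodic review described above can be partly automated once audit entries are collected off the SP. The following is an added example, not Oracle code: it assumes the entries have already been normalized into CSV records carrying the fields the Audit log provides (time stamp, user, command, parameters, result). The column names, change verbs, approved-user list, and change window are all hypothetical, and the sample records are constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample in an assumed normalized layout, not ILOM's native format.
SAMPLE = """timestamp,user,command,parameters,result
2024-03-04T10:15:00,admin1,set,example-setting-a=1,success
2024-03-04T23:47:12,svc-backup,set,example-setting-b=0,success
2024-03-05T02:03:40,admin1,set,example-setting-c=5,failure
2024-03-05T11:20:05,admin2,show,example-log,success
2024-03-05T11:22:31,unknown9,create,example-user,failure
"""

CHANGE_COMMANDS = {"set", "create", "delete"}   # assumed change verbs
APPROVED_ADMINS = {"admin1", "admin2"}          # hypothetical allowlist
CHANGE_WINDOW = range(8, 18)                    # hypothetical: 08:00-17:59


def review(csv_text, approved=APPROVED_ADMINS, window=CHANGE_WINDOW):
    """Return (timestamp, user, reasons) for each change event needing follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["command"] not in CHANGE_COMMANDS:
            continue  # read-only commands do not alter configuration
        reasons = []
        if row["user"] not in approved:
            reasons.append("user not on approved list")
        if datetime.fromisoformat(row["timestamp"]).hour not in window:
            reasons.append("outside change window")
        if row["result"] != "success":
            reasons.append("change attempt failed")
        if reasons:
            findings.append((row["timestamp"], row["user"], reasons))
    return findings


if __name__ == "__main__":
    for ts, user, reasons in review(SAMPLE):
        print(f"{ts}  {user:<12} {'; '.join(reasons)}")
```

Failed change attempts are reported alongside successful ones because the Audit log records both outcomes, and a failed attempt still shows which user tried to alter the configuration.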