1. Oracle ILOM Security Guide For Firmware Release 5.1.x
  2. Oracle ILOM Post Deployment Practices for Increasing Security
  3. Post Deployment Considerations for Securing User Access
  4. Monitor Session Log Events to Find Unauthorized Access

Monitor Session Log Events to Find Unauthorized Access

Monitor for unauthorized access by periodically examining the Oracle ILOM Session log. The Session log records all login and logout events for a session. Each Session log entry notes the user and time stamp associated with the event.

For sessions accessed via the web user interface, login failures are also logged and include the following attributes:

  • Date and time of last failed attempt

  • Number of failed attempts

  • Source IP address

For security reasons, the login failure reason is not included. Also for security concerns, login failures are not logged for sessions accessed via the CLI user interface.

To view events in the Session log, see the following web-based instructions, View Session Log. For CLI instructions or other details about the Session log, including filtering log entries, see Managing Oracle ILOM Log Entries in Oracle ILOM User's Guide for System Monitoring and Diagnostics Firmware Release 5.1.x.

To set a timeout interval for inactive sessions, see Configuring Oracle ILOM Interfaces for Increased Security.

View Session Log

Oracle ILOM log entries for a host server are viewable from the server SP web interface.

  1. In the web interface, click ILOM Administration, then Logs, and then the Session tab.
  2. From the Filter list box, select a standard or custom filter.
  3. Click the “More Details” link on the log page for additional information about filtering log entries.