5. System Management

1) System Log

Users can check whether the device has been running normally through the system log, and whether there have been system maintenance operations such as shutting down or restarting the system on the interface. Changes to basic devices information, such as deployment mode, management port ip modification, etc., can also be observed. Additionally, they can check whether the alarm log has been sent successfully and whether it has been sent to the correct recipient. It is possible to query the system log for specific conditions and export the system log.

2) System Alarm

Configuring a system alarm is beneficial for real time monitoring of the device’s operational status, and able to receive alarm information and take timely measures when the equipment is abnormal, preventing the loss of important audit logs. The alarm methods include email, SMS, syslog, SNMP alarms, and so on, for more detailed configuration of alarm methods, please refer to 4.4.6 Interconnected Server. If email and SMS alarm methods are selected, the alarm recipients need to configure email addresses and phone numbers, see the 4.5 User Management section for more information, configuration changes will only take effect after clicking the save button below.

System alarms are classified as high risk alarms, the message level needs to be set as high risk when adding a syslog server.

3) System Upgrade

Users are supported to perform various types of upgrades (version, patch, engine) and rollbacks on the frontend interface. To view the upgrade record and track it, when it was upgraded, whether the upgrade was successful, etc., the upgrade process is visualized. When the upgrade record shows an upgrade failure, users can download the upgrade log file and send the log to relevant technical personnel for verification of the failure reason. Upgrade files need to be provided by relevant technical personnel.

Note: After the upgrade or rollback, it is necessary to clear the browser cache to prevent the browser cache mechanism from causing an operation failure.

4) System Security

There are default security levels which are high, medium, and low, and users can also customize their selection of conditions to formulate a security strategy that suits their needs. Configuration changes will only take effect after clicking the save button below.

5) System Maintenance

Device Management

Web interface operations directly on the device are offered. Users can perform operations such as restarting and shutting down the audit system here, and the restarting and shutting down of the audit engine are also provided. To restart or shut down the system, you need to enter the login password, any implementation of this part can impact the audit function, and it is recommended for users to use wisely.

Configuration Information Collection

This function is consistent with the backup of configuration information in data backup, the content of configuration information is the same, the only difference is that the backup configuration information is a script and the visualization is low. The configuration information collection exports an Excel document, the visualization is higher, and users can also edit it personally on the document before importing it. The exported Excel content includes configuration information: protected objects, policy management, object management (excluding job number extraction) as well as the reference relationship between various configurations.

6) Interconnected Server

This module is mainly used to configure external services that communicate with the device, most of them are used for sending and receiving alarm notifications, and it is necessary to ensure that communication between the device and various services is feasible.