ATM_ID: B031937A-AAE2-11EA-A6EE-7A5ABA8A9762 MFF: PLANNEDTIMESTAFF: ID: WFAST_Accounting/Testcases/FS_50.001.01_Audit_Log_Events/10885 TESTCASE_HEADLINE: Event ID=59 The audit log entry data shall report events contained in table 1 Audit Log - Feature Access Control Event ID = 59 User Name Device name Device serial number Completion Status (Enabled / Disabled/ Configured) Interface (Web, Local, CAC, SNMP) Session IP address (if available) -- WITH IPV6 Address \ Note: When testing an open system (where a non-logged in user has administrative privileges), many events will not show consistent usernames, so any name shall be acceptable. The event must be present, but the Entry Data may be inconsistent or incomplete. GROUP: FEATURE: SUB_FEATURE: INPUT:

Audit Log:

  1. Test procedure should be performed through admin user only.
  2. Make sure that in device IPV4 is DISABLED and IPV6 is ENABLED.

     Syslog:
  3. Syslog Destination Server details must be configured.
PROCEDURE:

  1. Open CWIS using IPV6 address and Through WebUI: User Permission Roles"" through the edit link found at /Properties--Login/Permission/Accounting---User Permission-Change to Remotely On the Network using LDAP.
  2. Click on edit link in User Permission Roles- Click on edit link for non-logged-In User-Click on Apps &; Tools- change the Presets from standard access to open access or anything below.
  3. Save the audit log to the desktop and view the recorded events.
  4. Validate audit log has an event for Feature Access Control.
  5. Validate the Feature Access Control entries data contains a User Name; Device Name; Device Serial number; Configured for Completion Status; Interface (Web) and Session IP."

    \ Note: Validate If an audit log event is generated with a missing entry data field and the feature should display as "Not available" in CEF Keyname display as "Not available" in CEF Keyname
OUTPUT:

The audit log has an event for Feature Access Control .

A.Event ID : 59
B.Event Description: User Permissions
C.User Name:
D.Device Name
E.Device Serial Number
F.Completion Status (Configured)
G.Interface (Web; Local; CAC; SNMP)
H.Session IP address ( If Available)(IPV6)

Sys log Verification using View Events option:

Syslog+CEF format should be displayed as per the Spec (Refer SIEM Integration and Audit Log Events Spec):

PRI number; Timestamp; Device name; CEF:0; Xerox; Device Model; Device Software Version; Device Audit log Event ID; Audit log Event Description; Severity)along with CEF Key Name Mapping.

PROCESS: PRIORITY: TEST_TYPE: manual LOE: RESOURCE_HW: RESOURCE_CONSUMEABLES: RESOURCE_MEDIA: SKILL_SET: TEST_CASE_TYPE: testcases TESTCASE_SOURCE: SPEC: SPEC_VERSION: SPEC_TAG: [55.120.045](FT-26004)[D5.3-*] If an audit log event is generated with a missing entry data field the feature shall use the value Not Available to map the CEF Keyname. 50.001.01.063 [D1.6-*] | 59 | Feature Access Control Configure | User Name | Device name | Device serial number | Completion Status (Configured) | Interface (Web, Local, CAC, SNMP) | Session IP address (if available) ATM_OWNER: APPROVE_QE: APPROVED_QE: APPROVE_SE: APPROVED_SE: APPROVE_SPAR: APPROVED_SPAR: ASSOCIATED_TESTCASES: TRAINING: TESTCASE_VERSION: TESTCASE_STATE: TESTCASE_PLATFORM: TESTCASE_PRODUCT: canyon, carroll, carroll_sfp, corvo, corrib, kiska, malawi, mystic, melody_sfp, melody, muckross TESTCASE_APPROVALS: CDATE: 1591770118 MDATE: 1591770118 MUSER: q4BVX0J1 AUTHOR: q4BVX0J1 ATM_MCOMMENTS: Imported from spreadsheet HISTORY: ATM_LOCKED: ATM_REQLINK: CAAAE4AE-5461-11EA-9DCE-65D4993DCDB4, 434A37E8-97F7-11E9-9925-CFADAA3FCFED ATM_REQCOUNT: 2 QA_TEAM: TC_WEIGHTAGE: FILENAME: FILEDESC: FILES: RELEASE: AUTOMATION_GROUP: DEVICE_CATEGORY: common CONSTRAINTS_DAR: Imp_98 . NA Done By Previous Analysis COMPETENCY: wfast_accounting APTEST_TRACKING: yes COMPLEXITY_OUTPUT_VALIDATION: non_outliers AUTOMATION_CANDIDATE: no AUTOMATABLE: yet_to_be_analyzed SRT_ANALYZATION: analyzed