Logging all user commands
You can configure the syslog system to log all commands that a user runs to a local or remote syslog destination.
- Facility: Log entries for user commands have a facility value of local5.
- Severity level: Log entries for user commands have a severity level of info.
To log user commands, configure the syslog system to send log entries with a local5 facility and info severity level to a local or remote syslog destination. A local destination is a user-defined file. A remote destination is a syslog server.
The following example shows how to configure the syslog system to log user commands to the /var/log/user/cmds.log file.
Step | Command |
---|---|
Configure the system to send user-command log entries to the cmds.log file. If not present, this command creates the cmds.log file in the /var/log/user directory. Note: For security reasons, the system restricts user-defined files to the /var/log/user directory, which is why this commands requires only the filename (in this example, cmds.log) and not the path. If the filename includes the path, this command returns an error. |
|
Commit the configuration. |
|
Verify the configuration. |
|
2017-01-17T17:13:19.876844+00:00 localhost -vbash[3392]: HISTORY: PID=3392 UID=1000 configure
2017-01-17T17:15:06.544493+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols rip interface lo
2017-01-17T17:16:10.351281+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols ospf
2017-01-17T17:16:33.016625+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols ospf log lsa all
2017-01-17T17:17:11.450432+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 commit
The following example shows how to configure the syslog system to log user commands to the syslog server at 192.168.1.2.
Step | Command |
---|---|
Configure the system to send user-command log entries to the syslog server at 192.168.1.2. |
|
Commit the configuration. |
|
Verify the configuration. |
|