Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Logging all user commands

You can configure the syslog system to log all commands that a user runs to a local or remote syslog destination.

The syslog system uses specific values of the following attributes to identify user-command log entries:
  • Facility: Log entries for user commands have a facility value of local5.
  • Severity level: Log entries for user commands have a severity level of info.

To log user commands, configure the syslog system to send log entries with a local5 facility and info severity level to a local or remote syslog destination. A local destination is a user-defined file. A remote destination is a syslog server.

The following example shows how to configure the syslog system to log user commands to the /var/log/user/cmds.log file.

Table 1. Configuring the syslog system to log user commands to the /var/log/user/cmds.log file
Step Command
Configure the system to send user-command log entries to the cmds.log file. If not present, this command creates the cmds.log file in the /var/log/user directory.
Note: For security reasons, the system restricts user-defined files to the /var/log/user directory, which is why this commands requires only the filename (in this example, cmds.log) and not the path. If the filename includes the path, this command returns an error.
vyatta@vyatta# set system syslog file cmds.log facility local5 level info
Commit the configuration.
vyatta@vyatta# commit
Verify the configuration.
vyatta@vyatta# show system syslog file 
 file cmds.log {
        facility local5 {
                level info
        }
 }
The following example shows entries from the cmds.log file.
2017-01-17T17:13:19.876844+00:00 localhost -vbash[3392]: HISTORY: PID=3392 UID=1000 configure
2017-01-17T17:15:06.544493+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols rip interface lo
2017-01-17T17:16:10.351281+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols ospf
2017-01-17T17:16:33.016625+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 set protocols ospf log lsa all
2017-01-17T17:17:11.450432+00:00 localhost vbash[3641]: HISTORY: PID=3641 UID=1000 commit

The following example shows how to configure the syslog system to log user commands to the syslog server at 192.168.1.2.

Table 2. Configuring the syslog system to log user commands to the syslog server at 192.168.1.2.
Step Command
Configure the system to send user-command log entries to the syslog server at 192.168.1.2.
vyatta@vyatta# set system syslog host 192.168.1.2 facility local5 level info
Commit the configuration.
vyatta@vyatta# commit
Verify the configuration.
vyatta@vyatta# show system syslog host 
 host 192.168.1.2 {
        facility local5 {
                level info
        }
 }