/var/log/messages interpretation:
======================
Jun 10 01:48:15 FW00301 sshd(pam_unix)[2833]: session opened for user admin by (uid=0)
Jun 10 01:48:18 FW00301 cpshell: cmd by admin: ifconfig -a
Jun 10 01:48:19 FW00301 cpshell: cmd by admin: fw stat
Jun 10 01:48:19 FW00301 shell: cmd by admin: uptime
Jun 10 01:48:38 FW00301 shell: cmd by admin: cphaprob state
Jun 10 01:48:43 FW00301 cpshell: cmd by admin: uptime
Jun 10 01:48:45 FW00301 cpshell: cmd by admin: time
Jun 10 01:48:48 FW00301 cpshell: cmd by admin: ver
Jun 10 01:48:49 FW00301 cpshell: cmd by admin: uptime
Jun 10 01:48:52 FW00301 cpshell: cmd by admin: fw ver
Jun 10 01:48:56 FW00301 shell: cmd by admin: cat /var/log/messages
In Above example. You can see the logs of command execution form admin othru cpshell and shell
Here is the explanation,
Shell - ILO user thru VSP
CPShell - User thru CLI - vty (putty in my case)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.