By default, SLX-OS logs users entering the SLXVM Linux shell, commands executed in that shell, and users exiting from the Linux shell back to the SLX-OS CLI.
SLX-OS uses RASLOG to log entries when the user enters and exits the Linux shell. If you configure a remote Syslog server, the same logs can also be seen on that server.
device# show logging raslog 2016/06/25-06:42:54, [SH-1001], 1547, M1 | Active, INFO, SLX, SLXVM Linux shell login information: User [admUser]. Login Time : Sat Jun 25 06:42:54 2016
device# show logging raslog 2016/06/25-06:43:59, [SH-1002], 1548, M1 | Active, INFO, SLX, Event: exit, Status: success, Info: User [admUser] successfully exited from SLXVM Linux shell. Exit Time: Sat Jun 25 06:43:59 2016
Note
An SH-1003 message indicates failure to log in to the Linux shell.Command activities at the Linux shell are logged locally in the /var/log/shell_activity.log file and remotely on a Syslog server.
[admUser@SLX]# tail -f /var/log/shell_activity.log shell: [log@1588 value="SHELL"][timestamp@1588 value="2017-12-14T11:17:03"][msgid@1588 value="SH-1005"][severity@1588 value="INFO"][swname@1588 value="SLX9540"][arg0@1588 value="no" desc="root access"][arg1@1588 value="admin" desc="username"] BOM Executed command at Linux shell : pwd shell: [log@1588 value="SHELL"][timestamp@1588 value="2017-12-14T11:17:18"][msgid@1588 value="SH-1005"][severity@1588 value="INFO"][swname@1588 value="SLX9540"][arg0@1588 value="no" desc="root access"][arg1@1588 value="admin" desc="username"] BOM Executed command at Linux shell : ls
Note
The /var/log/shell_activity.log file is rotated every thirty minutes if it goes over 2 MB in size. The old version of the file is compressed; a maximum of four rotated files can exist at the same time.