Logs of Linux shell activities

Linux shell user entry and exit logs

SLX-OS uses RASLOG to log entries when the user enters and exits the Linux shell. If you configure a remote Syslog server, the same logs can also be seen on that server.

From privileged EXEC mode, use the show logging raslog command to display the RASLOG entries.
  • When a user enters the Linux shell, the show logging raslog command displays an SH-1001 message.
    device# show logging raslog
    
    2016/06/25-06:42:54, [SH-1001], 1547, M1 | Active, INFO, SLX,  SLXVM Linux shell login information: User [admUser]. Login Time : Sat Jun 25 06:42:54 2016
    
  • When a user exits the Linux shell, the show logging raslog command displays an SH-1002 message.
    device# show logging raslog
    
    2016/06/25-06:43:59, [SH-1002], 1548, M1 | Active, INFO, SLX, Event: exit, Status: success, Info: User [admUser] successfully exited from SLXVM Linux shell. Exit Time: Sat Jun 25 06:43:59 2016
    
Note

Note

An SH-1003 message indicates failure to log in to the Linux shell.

Linux shell command execution logs

Command activities at the Linux shell are logged locally in the /var/log/shell_activity.log file and remotely on a Syslog server.

When a user executes a command at the Linux shell, the shell_activity.log file includes SH-1005 messages:
[admUser@SLX]# tail -f /var/log/shell_activity.log

shell: [log@1588 value="SHELL"][timestamp@1588 value="2017-12-14T11:17:03"][msgid@1588 value="SH-1005"][severity@1588 value="INFO"][swname@1588 value="SLX9540"][arg0@1588 value="no" desc="root access"][arg1@1588 value="admin" desc="username"] BOM Executed command at Linux shell : pwd
shell: [log@1588 value="SHELL"][timestamp@1588 value="2017-12-14T11:17:18"][msgid@1588 value="SH-1005"][severity@1588 value="INFO"][swname@1588 value="SLX9540"][arg0@1588 value="no" desc="root access"][arg1@1588 value="admin" desc="username"] BOM Executed command at Linux shell : ls
Note

Note

The /var/log/shell_activity.log file is rotated every thirty minutes if it goes over 2 MB in size. The old version of the file is compressed; a maximum of four rotated files can exist at the same time.