Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi All,
Is there a command I can input into my 7-mode filer's CLI to interrogate / display the root account login history, when the root username & password have been used to to access the filer's CLI.
Apparrently, the filer root account has never been used to access the filer since initial config.
I'd appreciate any suggestions
Tks In Advamce
C.J.
8 REPLIES 8
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Yishikawa,
Thanks very much for the /etc/log/auditlog tip.
I ran the above command you suggested on the NetApp site and found the following NetApp library link entitled "Understanding Audit Logging"
https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-B6117506-C89B-4463-A2DF-29BFAC99A72F.html
In the above link, it is suggested that the filer saves audit-log files for six weeks, (unless any audit-log file reaches the maximum size) after which the oldest audit-log file is discarded.
I suspect any of the root account logon attempts I wanted to track will already have been deleted.
I don't suppose there's any system shell commands that could accomplish the same aim?
Thanks for your response
C.J.(aka Millsy64)
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
If you want to save the audit logs for longer than the filer saves them, you can always setup a syslog server and have the filer forward the messages. If you have multiple filers you can forward all their logs to that one central sysog server and have one place to search. You can also save the logs for as long as you like.
--rdp
Highlighted
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
Unfortunately, no other commands & logs.
As you referred, auditlog is recycled so you need to keep it on remote hosts before it is recycled.Consider to copy auditlog* to remote host via NFS or CIFS. Or,as Millsy64 wrote, consider to use syslog, some relevant KB articles are published.
https://kb.netapp.com/support/index?page=content&id=3012288
https://kb.netapp.com/support/index?page=content&id=1010374
As you referred, auditlog is recycled so you need to keep it on remote hosts before it is recycled.Consider to copy auditlog* to remote host via NFS or CIFS. Or,as Millsy64 wrote, consider to use syslog, some relevant KB articles are published.
https://kb.netapp.com/support/index?page=content&id=3012288
https://kb.netapp.com/support/index?page=content&id=1010374
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
One suggestion would be to keep 52 weeklys on your vol0 vol...
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hello Dear,
Try checking in the autosupports sent to Netapp
You could also check in myautosupport not sure their retention but worth giving it a try
Thanks,
Piyush
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
That works, though it does make you dependant on NetApp for storing your data. Which is fine all the time you have an active support contract.
--rdp
- Bookmark
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hello team.
As i requested to you!
I jest wanted know the root user loging history can you please assist on it
Thanks,
sake