2015-07-22 09:21 AM - last edited on 2015-07-22 11:24 AM by alissa
Is there a command I can input into my 7-mode filer's CLI to interrogate / display the root account login history, when the root username & password have been used to to access the filer's CLI.
Apparrently, the filer root account has never been used to access the filer since initial config.
I'd appreciate any suggestions
Tks In Advamce
2015-07-23 07:56 AM
Thanks very much for the /etc/log/auditlog tip.
I ran the above command you suggested on the NetApp site and found the following NetApp library link entitled "Understanding Audit Logging"
In the above link, it is suggested that the filer saves audit-log files for six weeks, (unless any audit-log file reaches the maximum size) after which the oldest audit-log file is discarded.
I suspect any of the root account logon attempts I wanted to track will already have been deleted.
I don't suppose there's any system shell commands that could accomplish the same aim?
Thanks for your response
2015-07-23 12:45 PM
If you want to save the audit logs for longer than the filer saves them, you can always setup a syslog server and have the filer forward the messages. If you have multiple filers you can forward all their logs to that one central sysog server and have one place to search. You can also save the logs for as long as you like.
2015-07-23 06:03 PM - edited 2015-07-23 06:09 PM