ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

NetApp Root Account Login History

Millsy64
‎2015-07-22 09:21 AM
10,586 Views

Hi All,

 

Is there a command I can input into my 7-mode filer's CLI to interrogate / display the root account login history, when the root username & password have been used to to access the filer's CLI.

 

Apparrently, the filer root account has never been used to access the filer since initial config.

 

I'd appreciate any suggestions

 

Tks In Advamce

 

C.J.

0 Kudos
View By:
8 REPLIES 8

YIshikawa
‎2015-07-22 04:21 PM
10,524 Views
Check /etc/log/auditlog. Any CLI session and commands issued is logged here.

Millsy64
‎2015-07-23 07:56 AM
In response to YIshikawa
10,428 Views

Hi Yishikawa,

 

Thanks very much for the /etc/log/auditlog tip.

 

I ran the above command you suggested on the NetApp site and found the following NetApp library link entitled "Understanding Audit Logging"

 

https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-B6117506-C89B-4463-A2DF-29BFAC99A72F.html

 

In the above link, it is suggested that the filer saves audit-log files for six weeks, (unless any audit-log file reaches the maximum size) after which the oldest audit-log file is discarded.

 

I suspect any of the root account logon attempts I wanted to track will already have been deleted. 

 

I don't suppose there's any system shell commands that could accomplish the same aim?

 

Thanks for your response

 

C.J.(aka Millsy64)

0 Kudos

richard_payne
‎2015-07-23 12:45 PM
In response to Millsy64
10,398 Views

If you want to save the audit logs for longer than the filer saves them, you can always setup a syslog server and have the filer forward the messages. If you have multiple filers you can forward all their logs to that one central sysog server and have one place to search. You can also save the logs for as long as you like.

 

--rdp

0 Kudos

YIshikawa
‎2015-07-23 06:03 PM
In response to Millsy64
10,352 Views
Unfortunately, no other commands & logs.
As you referred, auditlog is recycled so you need to keep it on remote hosts before it is recycled.Consider to copy auditlog* to remote host via NFS or CIFS. Or,as Millsy64 wrote, consider to use syslog, some relevant KB articles are published.
https://kb.netapp.com/support/index?page=content&id=3012288
https://kb.netapp.com/support/index?page=content&id=1010374
0 Kudos

JGPSHNTAP
‎2015-07-24 02:48 PM
In response to YIshikawa
10,267 Views

One suggestion would be to keep 52 weeklys on your vol0 vol...

0 Kudos

PIYUSHBANSAL198722
‎2015-08-14 02:53 AM
In response to Millsy64
10,059 Views

Hello Dear,

 

 

Try checking in the autosupports sent to Netapp

You could also check in myautosupport not sure their retention but worth giving it a try

 

Thanks,

Piyush

0 Kudos

richard_payne
‎2015-08-14 07:36 AM
In response to PIYUSHBANSAL198722
10,038 Views

That works, though it does make you dependant on NetApp for storing your data. Which is fine all the time you have an active support contract.

 

--rdp

0 Kudos

Bala0420
‎2018-03-07 11:03 PM
In response to Millsy64
8,366 Views

Hello team.

 

 

As i requested  to you!

 

 

I jest wanted know the root user loging history can you please assist on it 

 

 

Thanks,

 

sake

0 Kudos
All Community Forums
Public