Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 1 General Administration Tasks : Managing Command Logging

Managing Command Logging
For network monitoring (for example, identifying the user who caused a security violation, or identifying when a security violation occurred on the network), it is useful for the system administrator to be able to retrieve a log of all user command actions attempted on the P-7500 system through the CLI, web, and SEMP interfaces.
The command logging facility is used to capture information about all P-7500 system commands issued by users through either the P-7500 CLI, web, or SEMP interface.
Command Log Record Data
The information contained in each command log record includes, in order:
user name assigned to the CLI, web, or SEMP user account
Note: All CLI, web, and SEMP configuration command attempts made on P-7500 systems are logged by default.
Naming Convention
Command log record files are uncompressed text files with the name command.log.[x], where x is an integer from 1 to 20 identifying the archived file number, and the active file is named command.log.
Logging Capacity
The active command log record file is closed once the file size exceeds 50MB. Upon closing, a new file is opened, and this cycle repeats. The command log record file is in the directory /logs and is available for retrieval from P-7500 systems. There are up to 21 command log record text files available for viewing at any one time, including the currently active log file.
Directory Maintenance
Directory maintenance is not required for command log record files because the files are rotated.
Configuring Command Logging
To configure the command logging feature on a P-7500 system, switch to the logging configuration mode:
tibco(config)# logging
You are now in the logging configuration mode:
tibco(config-logging)#
Enter the command Logging CONFIG command:
tibco(config-logging)# command {cli | semp-mgmt | web | all} mode {shutdown | config-cmds | all-cmds}
where:
cli, semp-mgmt, web, or all
turns off the command logging facility for the specified P-7500 interface (cli, semp-mgmt, web, or all).
log configuration commands only (not show commands) for the specified P-7500 interface (cli, semp-mgmt, web, or all). This is the default.
log all commands except for help (help commands are never logged) for the specified P-7500 interface (cli, semp-mgmt, web, or all).
 
Note: The no version of this command (no command {cli | semp-mgmt | web | all}) reverts logging back to the default mode of config-cmds for the specified P-7500 interface.
Viewing Command Logging Configuration
To view the configuration of the command logging facility on the P-7500, enter the show logging command User EXEC command:
tibco> show logging command
Example:
tibco> show logging command
 
Cmd Interface Logging Mode
----------------------------------------------
CLI all
SEMP/mgmt config
web config
Retrieving Command Log Record Files
Command log record files are stored locally on the P-7500 in subdirectory /logs as uncompressed text files, for retrieval and viewing by the system administrator on a regular basis.
Retrieval and viewing of command log record files can be done by using either the copy or more command.
The copy Privileged EXEC command transfers a text file from the /logs subdirectory to an external SFTP server from the P-7500 for viewing:
   tibco# copy [/][logs/]/filename    sftp://[username@]ip-addr/remote-pathname
Where:
 
Note: Ensure that you have an SFTP server on the P-7500 network to which you have IP connectivity.
The more User EXEC command directly displays the contents of a text file from the /logs subdirectory on the P-7500 for viewing:
   tibco> more /logs/pattern
where pattern is the name of the command log record file (that is, command.log.[x]) to display. * and ? characters can be used to match multiple text files.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved