Authentication daemon syslog

srashidi · ‎06-05-2017

Hello,

I am trying to find CLI commands and find out the way to look at auth*, authpriv* in syslogs hosts for UCSM NXOS.

Thanks

Kirk J · ‎06-05-2017

Greetings.

If you are looking at ways to review local UCSM accounting type logs, then the local UCSM cli commands are:

#scope security

#show audit-log details

Syslog related commands:

#scope monitoring

monitoring# show syslog (will show logging levels)

monitoring# set syslog remote-destination server-1 level
alerts critical debugging emergencies errors
information notifications warnings <<<<setting the logging level to informational, will get audit log entries sent out to remote syslog.

Are you asking for a way to confirm user auth priv levels for users logging into the ucsm?

Thanks,

Kirk...

srashidi · ‎06-05-2017

Thanks for your quick response, basically I need to find all info of the user who had logged in to UCSM from syslogs

Kirk J · ‎06-05-2017

The audit log outputs are part of the syslog output and to have the audit log outputs sent to the syslog server, you will want to set a logging level of “info” in the syslog settings on UCSM.

Thanks,

Kirk...

srashidi · ‎06-06-2017

If I understood correctly , that's when I config syslog for remote destinations. I also need to look up logged in user info in CLI by SSH to console.

Does management plane have auth daemon that logs all user info ? where can I see the logs if I SSH to UCSM.

when I look at the audit logs in UCSM , I only see "Admin, Internal" users I need more details of user who has logged in.

Thanks

srashidi · ‎06-15-2017

Do I need to make change "info " under local destination > file or local destination > monitor on syslog tab ?

I found this useful command that actually gives you some info of active sessions but it wont sent it as syslog

UCS-Primary/security # show user-sessions remote detail