Hi all...
Is there any way to log all SSH sessions on the filer in /etc/messages...or somehow view current SSH sessions...especially the IP addresses of hosts... With default settings, the message daemon only logs failed logon attempts...
Thanx
Zeeshan schrieb:
Hi all...
Is there any way to log all SSH sessions on the filer in /etc/messages...or somehow view current SSH sessions...especially the IP addresses of hosts... With default settings, the message daemon only logs failed logon attempts...
I didn't see any SSH logging options lately. Maybe thats another goodie for a future ontap SDK? ;-)
But you can enable ontaps auditlog:
options auditlog
auditlog.enable on (value might be overwritten in takeover) auditlog.max_file_size 0000000 value might be overwritten in takeover)
You will find the auditlog in /etc/log/auditlog on your root volume.
-SF [Apologies for duplicates]
Hi,
"netstat -an" will list you all connecctions to and from the filer. TCP connections to port 22 will show ssh sessions ...
Regards, Filip
On Fri, Jul 25, 2008 at 8:31 AM, Stefan Funke bundy@usage.de wrote:
Zeeshan schrieb:
Hi all...
Is there any way to log all SSH sessions on the filer in /etc/messages...or somehow view current SSH sessions...especially the IP addresses of hosts... With default settings, the message daemon only logs failed logon attempts...
On Jul 24, 2008, at 8:45 PM, Zeeshan wrote:
Hi all...
Is there any way to log all SSH sessions on the filer in /etc/ messages...or somehow view current SSH sessions...especially the IP addresses of hosts... With default settings, the message daemon only logs failed logon attempts...
follow this NOW article:
https://now.netapp.com/Knowledgebase/solutionarea.asp?id=ntapcs5526
Works well for all our filers. Commands entered via ssh get pushed to syslog host. Failed and successful ssh connections with source IPs are logged as well.
-=--=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
-
Filip Sneppe -
Stefan Funke -
Villabroza, Gerald -
Zeeshan