Technical Documentation

Check the Commands That Users Are Entering

Purpose

A common set of operations you can check is when users log in to the router and the CLI commands they issue.

To check the commands that users are entering, follow these steps:

  1. Configure the Log File for Tracking CLI Commands
  2. Display the Configured Log File

Configure the Log File for Tracking CLI Commands

Action

To configure the log file for tracking CLI commands, follow these steps:

  1. In configuration mode, go to the following hierarchy level:
    [edit]user@host# edit system syslog
  2. Configure the log file:
    [edit system syslog]user@host# edit file filename

    For example:

    [edit system syslog]user@host# edit file cli-commands
  3. Configure the interactive-commands facility and severity level:
    [edit system syslog filename]user@host# set interactive-commands info
  4. Verify the configuration:
    [edit system syslog]user@host# show file cli-commands { interactive-commands info;}
  5. Commit the configuration:
    user@host# commit

Meaning

The configuration example shows that the log file cli-commands is configured with the interactive-commands facility at the info severity level. Table 1 lists and describes the severity levels.

Table 1: Severity Levels

Severity Level

Description

info

Log all top-level CLI commands, including the configure command, and all configuration mode commands.

notice

Log the configuration mode commands rollback and commit.

warning

Log when any software process restarts.


Display the Configured Log File

Purpose

To display the log file in configuration mode, enter the following command:

Action

[edit system syslog]user@host# run show log filename

For example:

[edit system syslog]user@host# run show log cli-commands

Sample Output

[edit system syslog]
user@host# run show log cli-commands 
Sep 16 11:24:25  nut mgd[3442]: UI_COMMIT_PROGRESS: commit: signaling 'Syslog daemon', pid 2457, signal 1, status 0
Sep 16 11:24:25  nut mgd[3442]: UI_COMMIT_PROGRESS: commit: signaling 'SNMP daemon', pid 2592, signal 31, status 0
Sep 16 11:28:36  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'run show log cli-commands '
Sep 16 11:30:39  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'run show log security '
Sep 16 11:31:26  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'run show log messages '
Sep 16 11:41:21  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'edit file cli-commands '
Sep 16 11:41:25  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'show '
Sep 16 11:44:57  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'set interactive-commands info '
Sep 16 14:32:15  nut mgd[3442]: UI_CMDLINE_READ_LINE: User 'user', command 'run show log cli-commands '

Meaning

The sample output shows the CLI commands that were entered since the log file was configured.


Published: 2010-01-25