show system audit
Syntax
show system audit <root-only>
Syntax (EX Series Switch and MX Series Router)
show system audit <all-members> <local> <member member-id> <root-only>
Syntax (TX Matrix Router)
show system audit <all-lcc | lcc number | scc> <root-only>
Syntax (TX Matrix Plus Router)
show system audit <all-chassis | all-lcc | lcc number | sfc number> <root-only>
Syntax (QFX Series)
show system audit <infrastructure name | interconnect-device name | node-group name | root-only>
Syntax (OCX Series)
show system audit <root-only>
Description
Display the state and checksum values for file systems.
Options
| none | Display the state and checksum values for all file systems. |
| all-chassis | (TX Matrix routers and TX Matrix Plus routers only) (Optional) Display file system MD5 hash and permissions information for all of the chassis. |
| all-lcc | (TX Matrix routers and TX Matrix Plus routers only) (Optional) On a TX Matrix router, display file system MD5 hash and permissions information for all T640 routers connected to the TX Matrix router. On a TX Matrix Plus router, display file system MD5 hash and permissions information for all T1600 or T4000 routers connected to the TX Matrix Plus router. |
| all-members | (EX4200 switch, QFX Series, and MX Series routers only) (Optional) Display file system MD5 hash and permissions information on all members of the Virtual Chassis configuration. |
| lcc number | (TX Matrix and TX Matrix Plus routers only) (Optional) On a TX Matrix router, display file system MD5 hash and permissions information for a specific T640 router that is connected to the TX Matrix router. On a TX Matrix Plus router, display file system MD5 hash and permissions information for a specific router that is connected to the TX Matrix Plus router. Replace number with the following values depending on the LCC configuration:
|
| infrastructure name | (QFabric systems only) (Optional) Display file system MD5 hash and permissions information for a fabric control Routing Engine or a fabric control Routing Engine. |
| interconnect-device name | (QFabric systems only) (Optional) Display file system MD5 hash and permissions information for the Interconnect device. |
| local | (EX4200 switch, QFX Series, and MX Series routers only) (Optional) Display file system MD5 hash and permissions information on the local Virtual Chassis member. |
| member member-id | (EX4200 switch, QFX Series, and MX Series routers only) (Optional) Display file system MD5 hash and permissions information on the specified member of the Virtual Chassis configuration. For EX4200 switches, replace member-id with a value from 0 through 9. For an MX Series Virtual Chassis, replace member-id with a value of 0 or 1. |
| node-group name | (QFabric systems only) (Optional) Display file system MD5 hash and permissions information for the Node group |
| root-only | (Optional) Check only the root (/) file system. On a QFabric system, you can check the root (/) file system on the infrastructure (fabric manager Routing Engine and fabric control Routing Engine), Interconnect device, or Node group. |
| scc | (TX Matrix routers only) (Optional) Display file system MD5 hash and permissions information for the TX Matrix router (or switch-card chassis). |
| sfc number | (TX Matrix Plus routers only) (Optional) Display file system MD5 hash and permissions information for the TX Matrix Plus router (or switch-fabric chassis). Replace number with 0. |
Additional Information
To redirect the output to a file, issue the following command:
ssh device-name 'show system audit root-only' > output-file
If you save the output of the show system audit root-only command to a file, you can compare it to subsequent output from
the command to determine whether anything has changed.
By default, when you issue the show system audit command
on the primary Routing Engine of a TX Matrix router or a TX Matrix
Plus router, the command is broadcast to all the primary Routing Engines
of the LCCs connected to it in the routing matrix. Likewise, if you
issue the same command on the backup Routing Engine of a TX Matrix
or a TX Matrix Plus router, the command is broadcast to all backup
Routing Engines of the LCCs that are connected to it in the routing
matrix.
Required Privilege Level
admin
Sample Output
- show system audit root-only
- show system audit lcc (TX Matrix Router)
- show system audit lcc (TX Matrix Plus Router)
- show system audit root-only (QFX3500 Switch)
show system audit root-only
user@host> show system audit root-only
# user: root
# machine: host
# tree: /
date: Fri Feb 11 21:21:46 2000
# .
/set type=file uid=0 gid=0 mode=0755 nlink=1
. type=dir nlink=23 size=1024 time=950252640.0
.cshrc uid=3 gid=7 mode=0644 size=177 time=939182975.0 \
md5digest=f414e06fea6bd646244b98e13d6e6226
.kernel.jkernel.backup \
mode=0744 size=1934552 time=944688902.0 \
md5digest=2c343cf0bd9fea8f04f78604feed7aa4
.profile uid=3 gid=7 mode=0644 nlink=2 size=173 time=939182975.0 \
md5digest=55a1e3c6c67789c9d3a1cce1ea39f670
COPYRIGHT uid=3 gid=7 mode=0444 size=3425 time=939182975.0 \
md5digest=7df8bc77dcee71382ea73eb0ec6a9243
boot.config mode=0644 size=3 time=945902618.0 \
md5digest=93d722493ed38477338a1405d7dcbb40
boot.help uid=3 gid=7 mode=0444 size=411 time=939182876.0 \
md5digest=9b7126385734bcae753f4179ab59d8e5
compat type=link mode=0777 size=11 time=915149058.0 \
link=/usr/compat
kernel mode=0444 size=1947607 time=950230892.0 \
md5digest=1a2a8aff2fec678a918ba0d6bf063980
kernel.avr uid=1112 size=1947642 time=950252597.0 \
md5digest=82e1637682d58ec28964dfee7fccb62e
kernel.config \
mode=0644 size=0 time=915149058.0 \
md5digest=d41d8cd98f00b204e9800998ecf8427e
sys type=link mode=0777 size=11 time=915149029.0 \
link=usr/src/sys
show system audit lcc (TX Matrix Router)
user@host> show system audit lcc 2
lcc2-re0:
--------------------------------------------------------------------------
# user: root
# machine: test-lcc2
# tree: /
# date: Mon Sep 13 11:55:33 2004
# .
/set type=file uid=0 gid=0 mode=0555 nlink=1 flags=none
. type=dir nlink=20 size=512 time=1094982121.0
COPYRIGHT mode=0644 size=4735 time=986012708.0 \
md5digest=78396df1404ad742e6eb1be28f0cd63b
kernel type=link mode=0700 size=17 time=1090266262.0 \
link=/packages/jkernel
# ./altconfig
altconfig type=dir nlink=2 size=512 time=1089801320.0
# ./altconfig
..
# ./altroot
altroot type=dir nlink=2 size=512 time=1089801320.0
# ./altroot
..
# ./b
b type=dir mode=0755 nlink=2 size=512 time=1093961429.0
# ./b
..
# ./bin
/set type=file uid=0 gid=0 mode=0700 nlink=1 flags=none
bin type=dir mode=0755 nlink=2 size=512 time=1089843059.0
[ type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/test
cat type=link size=27 time=1090266270.0 \
link=/packages/mnt/jbase/bin/cat
chmod type=link size=29 time=1090266270.0 \
link=/packages/mnt/jbase/bin/chmod
cp type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/cp
csh type=link size=27 time=1090266270.0 \
link=/packages/mnt/jbase/bin/csh
date type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/date
dd type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/dd
df type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/df
echo type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/echo
ed type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/ed
expr type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/expr
hostname type=link size=32 time=1090266270.0 \
link=/packages/mnt/jbase/bin/hostname
kill type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/kill
ln type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/ln
ls type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/ls
mkdir type=link size=29 time=1090266270.0 \
link=/packages/mnt/jbase/bin/mkdir
mv type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/mv
ps type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/ps
pwd type=link size=27 time=1090266270.0 \
link=/packages/mnt/jbase/bin/pwd
rcp type=link size=27 time=1090266270.0 \
link=/packages/mnt/jbase/bin/rcp
red type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/ed
rm type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/rm
rmdir type=link size=29 time=1090266270.0 \
link=/packages/mnt/jbase/bin/rmdir
sh type=link size=26 time=1090266270.0 \
link=/packages/mnt/jbase/bin/sh
sleep type=link size=29 time=1090266270.0 \
link=/packages/mnt/jbase/bin/sleep
stty type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/stty
sync type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/sync
tcsh type=link size=27 time=1090266270.0 \
link=/packages/mnt/jbase/bin/csh
test type=link size=28 time=1090266270.0 \
link=/packages/mnt/jbase/bin/test
# ./bin
..
# ./boot
/set type=file uid=0 gid=0 mode=0444 nlink=1 flags=none
boot type=dir mode=0555 nlink=3 size=512 time=1095069935.0
boot0 size=512 time=1094978286.0 \
md5digest=6f780822dd4ae482a20462b66e542cca
boot1 mode=0555 size=512 time=1094978294.0 \
md5digest=8d112b09df342cd0b60fdb9bdcde8e07
boot2 mode=0555 size=7680 time=1094978294.0 \
md5digest=28eb58c4068c6b85717e1484f9e028e4
cdboot mode=0555 size=165888 time=1094978298.0 \
md5digest=1474c6b800dfc82ba552d7c36116d07d
kgzldr.o size=5996 time=1094982121.0 \
md5digest=c53dc948eb07e2ea4eb0413e4c4634a3
loader mode=0555 size=163840 time=1094978298.0 \
md5digest=82d9dc2d31033476bfb61bb7264c4fed
loader.4th size=9237 time=986013631.0 \
md5digest=43144391465ad50267d31e0a320be1de
...
show system audit lcc (TX Matrix Plus Router)
user@host> show system audit all-chassis
sfc0-re0:
--------------------------------------------------------------------------
# user: root
# machine: test
# tree: /
# date: Mon May 18 00:13:16 2009
# .
/set type=file uid=0 gid=0 mode=0755 nlink=1 flags=none
. type=dir nlink=23 size=512 time=1242347096.0
COPYRIGHT mode=0644 size=6196 time=1168587741.0 \
md5digest=bbad415e1c29bbedd9b383537100412c
kernel type=link size=17 time=1242347011.0 link=/packages/jkernel
staging type=link mode=0777 size=8 time=1242346935.0 link=/var/tmp
# ./.snap
.snap type=dir mode=0775 nlink=2 size=512 time=1242346922.0
# ./.snap
..
# ./altconfig
altconfig type=dir mode=0500 nlink=2 size=512 time=1242319843.0
# ./altconfig
..
# ./altroot
altroot type=dir mode=0500 nlink=2 size=512 time=1242319843.0
# ./altroot
..
# ./bin
bin type=dir nlink=2 size=512 time=1242346944.0
\133 type=link size=28 time=1242346942.0 \
link=/packages/mnt/jbase/bin/test
cat type=link size=27 time=1242346941.0 \
link=/packages/mnt/jbase/bin/cat
chflags type=link size=31 time=1242346941.0 \
link=/packages/mnt/jbase/bin/chflags
chmod type=link size=29 time=1242346941.0 \
link=/packages/mnt/jbase/bin/chmod
cp type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/cp
csh type=link size=27 time=1242346941.0 \
link=/packages/mnt/jbase/bin/csh
date type=link size=28 time=1242346941.0 \
link=/packages/mnt/jbase/bin/date
dd type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/dd
df type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/df
echo type=link size=28 time=1242346941.0 \
link=/packages/mnt/jbase/bin/echo
ed type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/ed
expr type=link size=28 time=1242346941.0 \
link=/packages/mnt/jbase/bin/expr
hostname type=link size=32 time=1242346941.0 \
link=/packages/mnt/jbase/bin/hostname
kill type=link size=28 time=1242346941.0 \
link=/packages/mnt/jbase/bin/kill
ln type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/ln
ls type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/ls
mkdir type=link size=29 time=1242346941.0 \
link=/packages/mnt/jbase/bin/mkdir
mv type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/mv
pax type=link size=27 time=1242346944.0 \
link=/packages/mnt/jbase/bin/pax
ps type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/ps
pwd type=link size=27 time=1242346941.0 \
link=/packages/mnt/jbase/bin/pwd
rcp type=link size=27 time=1242346942.0 \
link=/packages/mnt/jbase/bin/rcp
red type=link size=26 time=1242346941.0 \
link=/packages/mnt/jbase/bin/ed
rm type=link size=26 time=1242346942.0 \
link=/packages/mnt/jbase/bin/rm
rmdir type=link size=29 time=1242346942.0 \
link=/packages/mnt/jbase/bin/rmdir
sh type=link size=26 time=1242346942.0 \
link=/packages/mnt/jbase/bin/sh
sleep type=link size=29 time=1242346942.0 \
link=/packages/mnt/jbase/bin/sleep
stty type=link size=28 time=1242346942.0 \
link=/packages/mnt/jbase/bin/stty
sync type=link size=28 time=1242346942.0 \
link=/packages/mnt/jbase/bin/sync
tcsh type=link size=27 time=1242346941.0 \
link=/packages/mnt/jbase/bin/csh
test type=link size=28 time=1242346942.0 \
link=/packages/mnt/jbase/bin/test
# ./bin
...show system audit root-only (QFX3500 Switch)
user@switch> show system audit root-only
# user: root
# machine: test
# tree: /
date: Fri Feb 11 21:21:46 2000
# .
/set type=file uid=0 gid=0 mode=0755 nlink=1
. type=dir nlink=23 size=1024 time=950252640.0
.cshrc uid=3 gid=7 mode=0644 size=177 time=939182975.0 \
md5digest=f414e06fea6bd646244b98e13d6e6226
.kernel.jkernel.backup \
mode=0744 size=1934552 time=944688902.0 \
md5digest=2c343cf0bd9fea8f04f78604feed7aa4
.profile uid=3 gid=7 mode=0644 nlink=2 size=173 time=939182975.0 \
md5digest=55a1e3c6c67789c9d3a1cce1ea39f670
COPYRIGHT uid=3 gid=7 mode=0444 size=3425 time=939182975.0 \
md5digest=7df8bc77dcee71382ea73eb0ec6a9243
boot.config mode=0644 size=3 time=945902618.0 \
md5digest=93d722493ed38477338a1405d7dcbb40
boot.help uid=3 gid=7 mode=0444 size=411 time=939182876.0 \
md5digest=9b7126385734bcae753f4179ab59d8e5
compat type=link mode=0777 size=11 time=915149058.0 \
link=/usr/compat
kernel mode=0444 size=1947607 time=950230892.0 \
md5digest=1a2a8aff2fec678a918ba0d6bf063980
kernel.avr uid=1112 size=1947642 time=950252597.0 \
md5digest=82e1637682d58ec28964dfee7fccb62e
kernel.config \
mode=0644 size=0 time=915149058.0 \
md5digest=d41d8cd98f00b204e9800998ecf8427e
sys type=link mode=0777 size=11 time=915149029.0 \
link=usr/src/sys
Release Information
Command introduced before Junos OS Release 7.4.
sfc option introduced for the TX Matrix Plus router in Junos OS Release 9.6.