Command Auditing

Command auditing:

  • Notifies users about critical actions they are about to perform
  • Obtains confirmation for critical actions
  • Creates forensic logs

If users confirm the action, they are asked to enter their name and a reason for running the command. If the command affects a critical device or a process (pnote), a second confirmation can be required.

For example, if you use administrative privileges to change the state of an SGM to DOWN, the output looks like this:

> asg_sgm_admin -b 2_01 down
You are about to perform sgm_admin down on blades: 2_01

Are you sure? (y — yes, any other key — no) y

sgm_admin down requires auditing
Enter your full name: John Smith
Enter reason for sgm_admin down [Maintenance]:
WARNING: sgm_admin down on SGM: 2_01, User: John Smith, Reason: Maintenance

To see the audit logs:

Run:

# asg log audit

Example

# asg log audit

Output

Aug 11 14:14:21 2_01  WARNING: Chassis_admin up on chassis: 1, User: susan, Reason: Maintenance
Aug 11 16:45:15 2_01  WARNING: Reboot on blades: 1_01,1_02,1_03,1_04,1_05,2_02,2_03,2_04,2_05, User: susan, Reason: Maintenance
Aug 18 14:28:57 2_01  WARNING: Chassis_admin down on chassis: 2, User: susan, Reason: Maintenance
Aug 18 14:31:08 2_01  WARNING: Chassis_admin up on chassis: 1, User: Peter, Reason: Maintenance
Aug 18 14:32:32 2_01  WARNING: Chassis_admin down on chassis: 2, User: O, Reason: Maintenance
Aug 20 15:38:58 2_01  WARNING: Blade_admin down on blades: 2_02,2_03,2_04,2_05, User: Paul, Reason: Maintenance
Aug 21 10:00:05 2_01 CRITICAL: Reboot on blades: all, user: ms, Reason: Maintenance
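
The following added example (not Check Point code) parses `asg log audit` output like the sample above so the entries can be reviewed. The field layout is inferred from that sample; the function names and the two review rules (a name of fewer than two words, and CRITICAL severity or an "all" target) are assumptions made for illustration.

```python
import re

# Field layout inferred from the sample output on this page; "User:" also appears as "user:".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+(?P<sgm>\S+)\s+(?P<severity>[A-Z]+):\s+"
    r"(?P<action>.+?) on (?P<scope>[^:]+):\s*(?P<targets>.+?),\s*"
    r"[Uu]ser:\s*(?P<user>.*?),\s*Reason:\s*(?P<reason>.*)$"
)

# First four lines are copied from the sample output above; the last two are constructed.
SAMPLE = """\
Aug 11 14:14:21 2_01  WARNING: Chassis_admin up on chassis: 1, User: susan, Reason: Maintenance
Aug 18 14:32:32 2_01  WARNING: Chassis_admin down on chassis: 2, User: O, Reason: Maintenance
Aug 20 15:38:58 2_01  WARNING: Blade_admin down on blades: 2_02,2_03,2_04,2_05, User: Paul, Reason: Maintenance
Aug 21 10:00:05 2_01 CRITICAL: Reboot on blades: all, user: ms, Reason: Maintenance
Aug 22 09:12:40 2_01  WARNING: sgm_admin down on SGM: 2_01, User: John Smith, Reason: Maintenance
Aug 22 09:13:02 2_01  WARNING: truncated entry
"""

def parse_audit(text):
    """Return (entries, unparsed). Lines that do not match are kept, not dropped."""
    entries, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)
            continue
        entry = {k: v.strip() for k, v in m.groupdict().items()}
        entry["targets"] = entry["targets"].split(",")
        entries.append(entry)
    return entries, unparsed

def review(entries):
    """Apply the two illustrative rules; returns (timestamp, finding) pairs."""
    findings = []
    for e in entries:
        # The prompt asks for a full name, but the value is free text typed by the operator.
        if len(e["user"].split()) < 2:
            findings.append((e["ts"], "name is not a full name: %r" % e["user"]))
        if e["severity"] == "CRITICAL" or "all" in e["targets"]:
            findings.append((e["ts"], "high-impact action: %s on %s"
                             % (e["action"], ",".join(e["targets"]))))
    return findings

if __name__ == "__main__":
    parsed, bad = parse_audit(SAMPLE)
    for ts, finding in review(parsed):
        print(ts, finding)
    print("unparsed lines:", len(bad))
```
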
 
©2014 Check Point Software Technologies Ltd. All rights reserved.