Customer would like to know if Director is able to keep track of any user that attempts to login to the Director appliance.

You can check the audit trail on Director with the followings steps:

1. Use a Secure Shell (SSH) application to connect to Director.

2. Log in as an administrator.

3. At the director > prompt, enter enable.

4. If prompted, enter the enable mode password.

5. At the director # prompt, enter the following command:

director # show syslog

You can scroll through the current system logs using the same keys the UNIX less command uses. The common ones are:

• Up and Down arrow keys to move up or down one line at a time
• <space> to move down a page
• b to move up a page
• > to move to the end
• / followed by a search string and <cr> to do a forward search
• < to move to the beginning
• ? followed by a search string and <cr> to do a backward search
• n to find next occurrence of search string in same direction as last search
• q to quit

For example, the user is login using username ‘admin’ and his machine IP address is 10.105.0.164.

Oct 19 09:42:56 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: CLI launched
Oct 19 09:42:58 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Processing command: 1287481378337772:en
Oct 19 09:42:59 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Entering enable mode
Oct 19 09:43:02 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Processing command: 128748138217652:conf t
Oct 19 09:43:02 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Entering config mode
Oct 19 09:43:03 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Processing command: 1287481383377703:shell
Oct 19 09:43:03 director cli[32320]: <-cli.notice> admin@::ffff:10.105.0.164: Leaving config mode