search cancel

Configure PacketShaper to review Administrative and Login Activity

book

Article ID: 175082

calendar_today

Updated On:

Products

PacketShaper

Issue/Introduction

You want to investigate any unusual activity on a PacketShaper (PS) such as an unauthorized login or configuration change.

Resolution

PacketShaper doesn't have a separate log file to track all Administrative activities. However, PS does support the 'syslog' feature and that will allow you to save and review most Administrative activities if you have a 'syslog' server to receive the data.

For example:

If you have a 'syslog' server with IP address 10.1.1.1, you can use the following command to start sending logs from PS to that server:

setup syslog add host:10.1.1.1 output:local4,6 datetime

and

setup syslog state on

You can use the command:

setup syslog show

command to check the syslog configuration on PS, for example:

PacketShaper# setup syslog show
            Status: On
          Max Rate: 20
        Total Sent: 0
        Total Lost: 0

  Server Addr                    Facility                    Level
-------------------------------------------------------------------------------
  10.1.1.1                      local4, 20                  info, 6

 

After configuring PS for 'syslog', PS will start sending log information to the 'syslog' server.

On the 'syslog' server you will see messages such as:

LOGIN- sshd Accepted ......... for touch from 172.22.19.10.......
LOGIN- sshd Failed ...............for invalid user touch2 from 10.5.6.34.........
AUDT - Unit Edited 4213300029- Set Inbound Link to 100M ..............
AUDT - Unit Edited 4213300029- Set Outbound Link to 100M ...............

which provides details about Administrative activity on the PacketShaper.