EasyManuals Logo
Home>HP>Software>NonStop SSH 544701-014

HP NonStop SSH 544701-014 User Manual

HP NonStop SSH 544701-014
344 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #282 background imageLoading...
Page #282 background image
282 • Monitoring and Auditing HP NonStop SSH Reference Manual
For details about the parameters controlling the log behavior please refer to the LOG parameters in the chapter titled
"Configuring and Running SSH2".
See the section on "Log File/Audit File Rollover", on how to look at the content of a log file.
Customizing the Log Format
SSH2 allows users to customize certain aspects of the appearance of log messages. Using the LOGFORMAT parameter,
you can add the current date to the log message header. Please refer to the "LOGFORMAT" parameter description in the
"SSH2 Parameter Reference" (chapter "Configuring and Running SSH2") for details.
Audit Messages
Content of Audit Messages
Audit messages are generated for various kinds of events:
• Authentication for a remote user.
• Starting of a SSH-subsystem such as SFTP.
• Opening of a file.
• Closing of a file.
Each audit message has a result: there can be a failure, or they can be granted or denied.
An individual audit message looks as follows:
$SSH49|22Dec10 15:20:47|10.0.0.78:1218: comf.us@10.0.0.78 authentication granted (method password): password ok.
System user: COMF.US with the individual components as follows (from left to right):
• process name ("$SSH49")
• timestamp ("22Dec10 15:20:47")
• session identifier in SESSION-LOG-ID format ("10.0.0.78:1218"), if available
• local user id (present only in some audit messages)
• user and remote IP address ("comf.us@10.0.0.78")
• a string describing the operation and the outcome ("authentication granted (method password): password ok ")
Sample Audit Messages
The following listing shows the audit messages written for a single download of a file "/G/data1/ushome/test6" from the
user "comf.us" at remote IP address 10.0.0.78:
$SSH49|22Dec10 15:31:12|10.0.0.78:1256: comf.us@10.0.0.78 authentication granted
(method password): password ok. System user: COMF.US
$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 subsystem sftp
granted
$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 list
/G/data1/ushome granted
$SSH49|22Dec10 15:31:22|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 open
/G/data1/ushome/test6 (mode read) granted (error 0)
$SSH49|22Dec10 15:31:25|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 close
/G/data1/ushome/test6: size 173, 173 bytes read, 0 bytes written
The following shows an audit message for a user trying to access the system with a non-existing username
("wronguser"):

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP NonStop SSH 544701-014 and is the answer not in the manual?

HP NonStop SSH 544701-014 Specifications

General IconGeneral
BrandHP
ModelNonStop SSH 544701-014
CategorySoftware
LanguageEnglish

Related product manuals