Customizing The Log Format; Content Of Audit Messages - HP NonStop SSH 544701-014 Reference Manual

For details about the parameters controlling the log behavior, please refer to the LOG parameters in the chapter titled
"Configuring and Running SSH2".
See the section on "Log File/Audit File Rollover" on how to look at the content of a log file.

Customizing the Log Format

SSH2 allows users to customize certain aspects of the appearance of log messages. Using the LOGFORMAT parameter,
you can add the current date to the log message header. Please refer to the "LOGFORMAT" parameter description in the
"SSH2 Parameter Reference" (chapter "Configuring and Running SSH2") for details.

Audit Messages

Content of Audit Messages

Audit messages are generated for various kinds of events:
Authentication of a remote user.
Starting of an SSH subsystem such as SFTP.
Opening of a file.
Closing of a file.

Each audit message has a result: the operation can fail, or it can be granted or denied.

An individual audit message looks as follows:

$SSH49|22Dec10 15:20:47|10.0.0.78:1218: comf.us@10.0.0.78 authentication granted (method password): password ok. System user: COMF.US

The individual components are as follows (from left to right):
process name ("$SSH49")
timestamp ("22Dec10 15:20:47")
session identifier in SESSION-LOG-ID format ("10.0.0.78:1218"), if available
local user id (present only in some audit messages)
user and remote IP address ("comf.us@10.0.0.78")
a string describing the operation and the outcome ("authentication granted (method password): password ok")

Sample Audit Messages

The following listing shows the audit messages written for a single download of a file "/G/data1/ushome/test6" from the
user "comf.us" at remote IP address 10.0.0.78:

$SSH49|22Dec10 15:31:12|10.0.0.78:1256: comf.us@10.0.0.78 authentication granted (method password): password ok. System user: COMF.US
$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 subsystem sftp granted
$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 list /G/data1/ushome granted
$SSH49|22Dec10 15:31:22|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 open /G/data1/ushome/test6 (mode read) granted (error 0)
$SSH49|22Dec10 15:31:25|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 close /G/data1/ushome/test6: size 173, 173 bytes read, 0 bytes written

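The message layout described above can be turned into structured records for review or forwarding; the following parser is an added example, not part of the manual or of the SSH2 software. It handles only the layout visible in the samples (session identifier present); the function names and the failure wording matched by OUTCOME_RE are assumptions.

```python
import re
from datetime import datetime

# Layout from the page's samples: process|timestamp|session[(local user)]: user@ip text
AUDIT_RE = re.compile(
    r"^(?P<process>\$[^|]+)\|(?P<timestamp>[^|]+)\|"
    r"(?P<session>[^\s(]+)(?:\((?P<local_user>[^)]+)\))?: "
    r"(?P<user>[^\s@]+)@(?P<remote_ip>\S+) (?P<text>.+)$"
)
# "granted" and "denied" are the page's terms; the wording of a failure result
# is not shown on the page, so "failed"/"failure" is an assumption.
OUTCOME_RE = re.compile(r"\b(granted|denied|failed|failure)\b")
CLOSE_RE = re.compile(r"size (\d+), (\d+) bytes read, (\d+) bytes written")

def parse_audit_line(line):
    """Return the message fields as a dict, or None if the layout does not match."""
    m = AUDIT_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%d%b%y %H:%M:%S")
    except ValueError:  # not a ddMonyy hh:mm:ss timestamp
        return None
    op = rec["operation"] = rec["text"].split()[0]
    # File paths are chosen by the remote user and precede the outcome word, so
    # take the last hit; authentication has free text after it, so take the first.
    hits = [] if op == "close" else OUTCOME_RE.findall(rec["text"])
    rec["outcome"] = (hits[0] if op == "authentication" else hits[-1]) if hits else None
    close = CLOSE_RE.search(rec["text"]) if op == "close" else None
    rec["bytes_read"] = int(close.group(2)) if close else None
    return rec

def sessions(lines):
    """Group parsed records by session identifier, skipping unparsable lines."""
    by_session = {}
    for rec in filter(None, map(parse_audit_line, lines)):
        by_session.setdefault(rec["session"], []).append(rec)
    return by_session

# The five messages of the sample listing on this page, one message per line.
SAMPLE = [
    "$SSH49|22Dec10 15:31:12|10.0.0.78:1256: comf.us@10.0.0.78 authentication granted (method password): password ok. System user: COMF.US",
    "$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 subsystem sftp granted",
    "$SSH49|22Dec10 15:31:13|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 list /G/data1/ushome granted",
    "$SSH49|22Dec10 15:31:22|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 open /G/data1/ushome/test6 (mode read) granted (error 0)",
    "$SSH49|22Dec10 15:31:25|10.0.0.78:1256(COMF.US): comf.us@10.0.0.78 close /G/data1/ushome/test6: size 173, 173 bytes read, 0 bytes written",
]
if __name__ == "__main__":
    print([(r["operation"], r["outcome"]) for r in sessions(SAMPLE)["10.0.0.78:1256"]])
```

The timestamp format string relies on English month abbreviations, as in the samples.
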
The following shows an audit message for a user trying to access the system with a non-existing username
("wronguser"):