Skip to main content
NetApp Knowledge Base

Security audit logs do not show IP address for SSH connections

Views:
429
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • Security audit logging via security audit log show or syslog

Issue

  • The security audit log show command does not provide IP address information for SSH connections:

Cluster01::> security audit log show -timestamp >"Mon Aug 26 13:30:00 2019"  -entry *ssh*

 Time                      Node         Audit Message
------------------------  -----------  -----------------------
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Pending
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Success
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4435 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: Logging out

  • Audit logging via syslog does not provide IP information for SSH connections: 

Aug 23 13:22:49 Cluster01-01: Cluster01-01: 00000010.03c40d9e 2ccf243a Fri Aug 23 2019 13:22:48 -07:00 [kern_audit:info:2158] 8003ee00042890f6:8003ee00042898a5 :: Cluster01:ssh :: localhost:unknown :: Cluster01:admin1 :: version -node Cluster01-01 :: Success

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support