Security audit logs do not show IP address for SSH connections
Applies to
- ONTAP 9
- Security audit logging via
security audit log show
or syslog
Issue
- The
security audit log show
command does not provide IP address information for SSH connections:
Cluster01::> security audit log show -timestamp >"Mon Aug 26 13:30:00 2019" -entry *ssh*
Time Node Audit Message
------------------------ ----------- -----------------------
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Pending
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Success
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4435 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: Logging out
- Audit logging via syslog does not provide IP information for SSH connections:
Aug 23 13:22:49 Cluster01-01: Cluster01-01: 00000010.03c40d9e 2ccf243a Fri Aug 23 2019 13:22:48 -07:00 [kern_audit:info:2158] 8003ee00042890f6:8003ee00042898a5 :: Cluster01:ssh :: localhost:unknown :: Cluster01:admin1 :: version -node Cluster01-01 :: Success