Security audit log does not show the IP address of SSH connections
Applies to
- ONTAP 9
- Security auditing via security audit log show or syslog
Issue
- The security audit log show command does not provide IP address information for SSH connections:
Cluster01::> security audit log show -timestamp >"Mon Aug 26 13:30:00 2019" -entry *ssh*
Time Node Audit Message
------------------------ ----------- -----------------------
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Pending
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Success
Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4435 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: Logging out
- Audit records logged via syslog do not provide IP information for SSH connections either:
Aug 23 13:22:49 Cluster01-01: Cluster01-01: 00000010.03c40d9e 2ccf243a Fri Aug 23 2019 13:22:48 -07:00 [kern_audit:info:2158] 8003ee00042890f6:8003ee00042898a5 :: Cluster01:ssh :: localhost:unknown :: Cluster01:admin1 :: version -node Cluster01-01 :: Success
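The Python example below is added here and is not part of the original article. It parses audit records in the format shown above and returns the SSH entries whose source field reads localhost:unknown, so the gap can be measured in exported or syslog-forwarded logs. The field names (session, app, source, user, command, state) and the 192.0.2.10:51514 record are assumptions made for illustration.

```python
import re

# Matches the "[kern_audit:info:2158]" tag that precedes the "::"-separated fields.
TAG = re.compile(r"\[kern_audit:[^\]]*\]\s*")

# Sample records: the first three follow the lines shown above; the last one is
# constructed to represent a record that does carry a client address.
SAMPLE = [
    "Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Success",
    "Mon Aug 26 13:30:06 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4435 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: Logging out",
    "Aug 23 13:22:49 Cluster01-01: Cluster01-01: 00000010.03c40d9e 2ccf243a Fri Aug 23 2019 13:22:48 -07:00 [kern_audit:info:2158] 8003ee00042890f6:8003ee00042898a5 :: Cluster01:ssh :: localhost:unknown :: Cluster01:admin1 :: version -node Cluster01-01 :: Success",
    "Mon Aug 26 13:31:10 2019 Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4440 :: Cluster01:ssh :: 192.0.2.10:51514 :: Cluster01:admin1 :: version :: Success",
]

def parse(line):
    """Split one audit record into named fields; None if it is not a kern_audit record."""
    m = TAG.search(line)
    if not m:
        return None
    parts = [p.strip() for p in line[m.end():].split(" :: ")]
    if len(parts) < 5:
        return None
    session, app, source, user = parts[:4]
    if len(parts) >= 6:
        command, state = " :: ".join(parts[4:-1]), parts[-1]
    else:
        # Records such as "Logging out" have no trailing state field.
        command, state = parts[4], None
    return {
        "session": session,
        "app": app.rpartition(":")[2],    # "Cluster01:ssh" -> "ssh"
        "source": source,
        "user": user.rpartition(":")[2],  # "Cluster01:admin1" -> "admin1"
        "command": command,
        "state": state,
    }

def ssh_without_source(lines):
    """Return parsed SSH records whose source field holds no client address."""
    records = (parse(line) for line in lines)
    return [r for r in records
            if r and r["app"] == "ssh" and r["source"] == "localhost:unknown"]

if __name__ == "__main__":
    for rec in ssh_without_source(SAMPLE):
        print(rec["user"], "|", rec["command"], "|", rec["state"])
```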