跳转到主内容

安全审核日志不会显示 SSH 的 IP 地址 连接

Views:
32
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
CORE
Last Updated:

适用场景

  • ONTAP 9
  • 通过 security audit log show 或系统日志记录安全审核

问题描述

  • security audit log show命令不提供SSH连接的IP地址信息:

Cluster01::> security audit log show -timestamp >"Mon Aug 26 13:30:00 2019" -entry *ssh*

 Time            Node      Audit Message
------------------------  -----------  -----------------------
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Pending
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4434 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: volume show -fields vserver,volume,aggregate,node :: Success
Mon Aug 26 13:30:06 2019  Cluster01-01 [kern_audit:info:2158] 8003ee00042c4433:8003ee00042c4435 :: Cluster01:ssh :: localhost:unknown :: Cluster01:snapdrive :: Logging out

  • 通过系统日志记录的审核不会提供SSH连接的IP信息: 

Aug 23 13:22:49 Cluster01-01: Cluster01-01: 00000010.03c40d9e 2ccf243a Fri Aug 23 2019 13:22:48 -07:00 [kern_audit:info:2158] 8003ee00042890f6:8003ee00042898a5 :: Cluster01:ssh :: localhost:unknown :: Cluster01:admin1 :: version -node Cluster01-01 :: Success

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.