The event logging feature, called Accounting, stores information about significant user events (for example, logins) in an accounting log file. Instructions on how to configure it are available in Chapter 26 in the DNAS Management Guide.
Since the access server offers limited mass storage, preserving the accounting information requires the use of the console logging feature or a “harvester” application running on a management station. This blog entry describes the user interface commands you can use to manage the accounting feature.
What DECserver Events Are Logged?
The following list shows the event types that are recorded as accounting log entries:
- Port Login
- Port Logout
- Session Connect Attempt
- Session Disconnect
- Kerberos Password Fail
- Privilege Password Fail
- Maintenance Password Fail
- Login Password Fail
- Remote Password Fail
- SNMP Community Fail
- Privilege Password Modified
- Maintenance Password Modified
- Login Password Modified
- User Privilege Level Modified
- SNMP Community Modified
- Remote Password Modified
Accounting Log File
The size of the log file is defined by the administrator and if it's set to zero, no logging will occur. The maximum size of the log file is 512Kb/s. The log file can be viewed as a circular buffer with entries added in chronological order. When the end of the buffer is reached, a newly created entry will overwrite the oldest existing entry.
Examples of Event Log Entries
User logged into port 1 and set user status to 'Privileged'
Local> show account log
Accounting Log:
Event: Login Time: 0 00:01:04
Port: 1 Access: Local
Username: LAB
Event: User Privilege Level Modified Time: 0 00:01:41
Port: 1
Username: LAB
User tried to log into a telnet listener that was not configured
Local> show account log
Accounting Log:
Event: Session Connect Attempt Time: 0 00:03:42
Port: 1 Sessid: 1 Protocol: TELNET Access: Local
Username: LAB
Peer: 0 LAT_08002BB03B0B 2010
Event: Session Disconnect Time: 0 00:03:42
Port: 1 Sessid: 1 Protocol: TELNET
Reason: Error TX: 0 bytes RX: 0 bytes
Username: LAB
User connected to a DECserver through the remote port (port 17 on a 16-port DECserver)
Local> show account log
Accounting Log:
Event: Session Connect Attempt Time: 0 00:01:42
Port: 17 Sessid: 1 Protocol: TELNET Access: Remote
Username: REMOTE CONSOLE
Peer: 10.0.0.117 3323
Event: Login Time: 0 00:01:49
Port: 17 Access: Local
Username: sd
Event: User Privilege Level Modified Time: 0 00:02:23
Port: 17
Username: sd
User logged into the remote port and then caused a password failure
Local> show account log
Accounting Log:
Event: Login Time: 0 02:15:23
Port: 17 Access: Local
Username: tester
Event: Privileged Password Failure Time: 0 02:16:08
Port: 17
Username: tester
Event: User Privilege Level Modified Time: 0 02:16:12
Port: 17
Username: tester
Telnet Remote View of the Accounting Log
When console logging is enabled, the accounting component displays the accounting events on the server console as they occur. This can be useful for viewing events on a console terminal or printer. It is also possible to view (and log to a file) the console events remotely. If you place a loopback connector on the access server console port and associate a Telnet listener with this port, you can connect to the port and view the console messages remotely.
The following example shows the commands necessary to remotely view the accounting log via Telnet with a loopback connector on port 16:
Local> CHANGE PORT 16 ACCESS REMOTE
Local> CHANGE TELNET LISTENER 2001 PORT 16
Local> CHANGE TELNET LISTENER 2001 CONNECTION ENABLE
Local> CHANGE SERVER CONSOLE 16
Local> CHANGE PORT 16 AUTOBAUD DISABLED SPEED 57600
From a remote UNIX/Linux system, the command is (replace x.x.x.x with your server’s IP address):
# telnet x.x.x.x 2001
This will cause the accounting events to be displayed on the remote screen. To log the events to a file, type the following command (replace x.x.x.x with your server’s IP address):
# telnet x.x.x.x 2001 > ACCT.LOG
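One way a harvester on the management station could process the captured file, as an added example that is not from the original post or from the DNAS software: it parses entries laid out like the show account log examples above and counts failure events per username and port. The sample text is constructed, the function names are hypothetical, and it is an assumption that the captured file uses the same layout as show account log.

```python
import re
from collections import Counter

# Constructed sample, modeled on the "show account log" examples in this post.
SAMPLE = """\
Accounting Log:
Event: Login Time: 0 02:15:23
Port: 17 Access: Local
Username: tester
Event: Privileged Password Failure Time: 0 02:16:08
Port: 17
Username: tester
Event: Privileged Password Failure Time: 0 02:16:10
Port: 17
Username: tester
Event: Session Connect Attempt Time: 0 02:17:42
Port: 17 Sessid: 1 Protocol: TELNET Access: Remote
Username: REMOTE CONSOLE
Peer: 10.0.0.117 3323
Event: Login Password Fail Time: 0 02:20:00
Port: 3
"""

# "Event: <name> Time: <timestamp>" starts a new entry.
EVENT_RE = re.compile(r"^Event:\s+(.+?)\s+Time:\s+(.+)$")
# "Key: value" pairs; a value may contain spaces (e.g. "REMOTE CONSOLE").
FIELD_RE = re.compile(r"(\w+):\s+(.*?)(?=\s+\w+:\s|$)")
# Matches both "... Fail" (event list) and "... Failure" (sample output).
FAIL_RE = re.compile(r"\bFail", re.IGNORECASE)

def parse_log(text):
    # Returns one dict per entry; prompt and banner lines are ignored.
    records = []
    for line in map(str.strip, text.splitlines()):
        m = EVENT_RE.match(line)
        if m:
            records.append({"Event": m.group(1), "Time": m.group(2)})
        elif records:
            records[-1].update(FIELD_RE.findall(line))
    return records

def auth_failures(records):
    # Counts failure events per (username, port); "?" marks a missing field.
    counts = Counter()
    for r in records:
        if FAIL_RE.search(r["Event"]):
            counts[(r.get("Username", "?"), r.get("Port", "?"))] += 1
    return counts

if __name__ == "__main__":
    for (user, port), n in auth_failures(parse_log(SAMPLE)).items():
        print(f"user={user} port={port} failures={n}")
```

Because the log is a circular buffer, run the parser on the continuously captured file rather than on periodic show account log output, which may already have lost overwritten entries.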
See Chapter 26 in the DNAS Management Guide for more details. Questions? Leave a comment.