4 Replies Latest reply on Jun 4, 2010 8:07 AM by Saurabh Kashikar

    Can agent store keystrokes of all commands entered on nsh shell?

      Hi,

       

      By updating log4crc.txt we can enable nexec commands logging.

      How can I log all commands, like cd, pwd, etc., issued on the nsh shell to logs?

        • 1. Re: Can agent store keystrokes of all commands entered on nsh shell?
          Saurabh Kashikar

          You don't get an rscd.log stack trace for the shell built-in commands (like pwd, cd) when your logging configuration for rscd in log4crc.txt is set to info.

           

          If you change it to "debug", you will get additional info like below:

           

          ------------
          06/04/10 09:52:33.504 DEBUG    rscd -   -1/-1 (???): ???: Enabling keepalive on the connection
          06/04/10 09:52:33.611 DEBUG    rscd -   0/0 (root): nsh: ***** New connection *****
          06/04/10 09:52:33.618 INFO     rscd -   0/0 (root): nsh: nsh
          06/04/10 09:52:33.625 INFO2    rscd -   0/0 (root): nsh: chdir (/) = 0
          06/04/10 09:52:33.631 INFO2    rscd -   0/0 (root): nsh: pwd () = /
          06/04/10 09:52:33.637 INFO2    rscd -   0/0 (root): nsh: stat (/, buf) = 0
          06/04/10 09:52:33.643 INFO2    rscd -   0/0 (root): nsh: stat (/., buf) = 0
          06/04/10 09:52:56.003 INFO2    rscd -   (root): nsh: _get_dircontents (/, 1) = 0
          06/04/10 09:52:56.010 INFO2    rscd -   (root): nsh: stat (/root, buf) = 0
          06/04/10 09:52:56.502 INFO2    rscd -   (root): nsh: lstat (/root, buf) = 0
          06/04/10 09:52:56.509 INFO2    rscd -   (root): nsh: chdir (/root) = 0
          06/04/10 09:52:56.515 INFO2    rscd -   (root): nsh: pwd () = /root
          06/04/10 09:52:56.521 INFO2    rscd -   (root): nsh: stat (/root, buf) = 0
          06/04/10 09:52:56.528 INFO2    rscd -   (root): nsh: stat (/root/., buf) = 0
          ------------

           

          Also, you can find out which commands are shell built-in commands like this:

           

          test1# cd //test2
          test2# pwd
          //test2/
          test2# cd /root
          test2# which pwd
          pwd: shell built-in command
          test2# which ls
          /usr/nsh/bin/ls
          test2#

          • 2. Re: Can agent store keystrokes of all commands entered on nsh shell?
            Dipak Gaigole

            Nsh is similar to other shells and thus there is no logging mechanism in a shell.

            The commands which are executed against the RSCD Agent are only logged in the rscd.log/keystroke.log accordingly. Thus, the following #1 will not be logged, whereas #2 will be logged in the rscd.log on <HOSTNAME>:

             

            1) cd /tmp/

            2) cd //<HOSTNAME>/tmp/

             

            But you could get the list of executed commands from shell history:

             

            bash-2.05b$ nsh
            rhas30build1% date
            Fri Jun  4 04:41:27 EDT 2010
            rhas30build1% time
            shell  0.01s user 0.00s system 0% cpu 3.358 total
            children  0.00s user 0.01s system 0% cpu 3.358 total
            rhas30build1% pwd
            /tmp
            rhas30build1% hostname
            rhas30build1
            rhas30build1% fc -l
                1  date
                2  time
                3  pwd
                4  hostname
            rhas30build1%

            • 3. Re: Can agent store keystrokes of all commands entered on nsh shell?
              Bill Robinson

              If I am cd'd into a server, won't 'cd /tmp' be logged in the rscd.log?

               

              e.g.:

               

              server1# cd /tmp

              server1/tmp#

              • 4. Re: Can agent store keystrokes of all commands entered on nsh shell?
                Saurabh Kashikar

                Yes Bill,

                 

                If the priority for the rscd category is set to "info1" (the default vanilla install value) in /usr/lib/rsc/log4crc.txt, then the shell built-in commands like cd, pwd are not traced in rscd.log. Please find the case below:

                 

                Set of nsh commands run on server test1 to connect to server test2

                test1# cd //test2
                test2# cd /root
                test2# pwd
                //test2/root

                 

                rscd.log stack trace:

                06/04/10 13:51:23.466 INFO     rscd -  test1 11974 0/0 (root): nsh: nsh

                ------------------------------------

                 

                But if I set the priority to "debug", the same set of commands gives the following stack trace in rscd.log:

                 

                06/04/10 13:49:44.714 DEBUG    rscd -  test1 10756 -1/-1 (???): ???: Enabling keepalive on the connection
                06/04/10 13:49:44.814 DEBUG    rscd -  test1 10756 0/0 (root): nsh: ***** New connection *****
                06/04/10 13:49:44.821 INFO     rscd -  test1 10756 0/0 (root): nsh: nsh
                06/04/10 13:49:44.827 INFO2    rscd -  test1 10756 0/0 (root): nsh: chdir (/) = 0
                06/04/10 13:49:44.833 INFO2    rscd -  test1 10756 0/0 (root): nsh: pwd () = /
                06/04/10 13:49:44.840 INFO2    rscd -  test1 10756 0/0 (root): nsh: stat (/, buf) = 0
                06/04/10 13:49:44.846 INFO2    rscd -  test1 10756 0/0 (root): nsh: stat (/., buf) = 0
                06/04/10 13:49:53.244 INFO2    rscd -  test1 10756 0/0 (root): nsh: lstat (/root, buf) = 0
                06/04/10 13:49:53.250 INFO2    rscd -  test1 10756 0/0 (root): nsh: chdir (/root) = 0
                06/04/10 13:49:53.256 INFO2    rscd -  test1 10756 0/0 (root): nsh: pwd () = /root
                06/04/10 13:49:53.263 INFO2    rscd -  test1 10756 0/0 (root): nsh: stat (/root, buf) = 0
                06/04/10 13:49:53.269 INFO2    rscd -  test1 10756 0/0 (root): nsh: stat (/root/., buf) = 0
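
Added example (not part of the thread and not BMC code): a Python parser for rscd.log lines in the layout shown in the excerpts above, listing the successful chdir calls that only appear once the rscd priority is raised to debug. The field layout is inferred from those excerpts, and `parse_line` and `directory_trail` are hypothetical helper names.

```python
import re

# Field layout inferred from the rscd.log excerpts in this thread (an
# assumption, not a documented format). The host/PID and uid/gid columns are
# optional because some lines in the first excerpt omit them.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<level>[A-Z0-9]+)\s+rscd -\s+"
    r"(?:(?P<host>\S+)\s+(?P<pid>\d+)\s+)?"
    r"(?:(?P<ids>-?\d+/-?\d+)\s+)?"
    r"\((?P<user>[^)]*)\): (?P<prog>[^:]+): (?P<msg>.*)$"
)
# Traced calls look like "chdir (/root) = 0" or "pwd () = /root".
CALL_RE = re.compile(r"^(?P<call>\w+) \((?P<args>.*)\) = (?P<ret>.*)$")

def parse_line(line):
    """Return the fields of one rscd.log line as a dict, or None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    call = CALL_RE.match(rec["msg"])
    rec.update(call.groupdict() if call
               else {"call": None, "args": None, "ret": None})
    return rec

def directory_trail(lines):
    """List (timestamp, user, host column, path) for each successful chdir."""
    trail = []
    for rec in filter(None, map(parse_line, lines)):
        if rec["call"] == "chdir" and rec["ret"] == "0":
            trail.append((rec["ts"], rec["user"], rec["host"], rec["args"]))
    return trail

# Lines copied from the log excerpts quoted in the thread (debug priority).
DEBUG_LOG = """\
06/04/10 13:49:44.714 DEBUG    rscd -  test1 10756 -1/-1 (???): ???: Enabling keepalive on the connection
06/04/10 13:49:44.821 INFO     rscd -  test1 10756 0/0 (root): nsh: nsh
06/04/10 13:49:44.827 INFO2    rscd -  test1 10756 0/0 (root): nsh: chdir (/) = 0
06/04/10 13:49:53.250 INFO2    rscd -  test1 10756 0/0 (root): nsh: chdir (/root) = 0
06/04/10 13:49:53.256 INFO2    rscd -  test1 10756 0/0 (root): nsh: pwd () = /root
06/04/10 09:52:56.509 INFO2    rscd -   (root): nsh: chdir (/root) = 0
"""
# The only line the thread shows for the same session at the default priority.
INFO_LOG = "06/04/10 13:51:23.466 INFO     rscd -  test1 11974 0/0 (root): nsh: nsh"

if __name__ == "__main__":
    for entry in directory_trail(DEBUG_LOG.splitlines()):
        print(entry)
    print("default priority:", directory_trail([INFO_LOG]))
```

Run against the default-priority line, the trail is empty: the log records that an nsh session started but not which directories it visited.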