Solved: Re: Gateway cli login logs

Vengatesh_SR · ‎2018-08-08

Hi Guys,

1) We having the MDS setup and tacacs enabled on it.

2) Whenever the users are logged into gateway cli we are unable to see the logs in the smart view tracker --> mgmt tab.

3) Earlier it was reflecting with the information when the user logged and what the users have changed it on the cli.

4) Now we can see only the login and logout logs for the smart console not for the gateway cli.

5) we are using r77.30

Is the any way we can t.shoot it ?

JozkoMrkvicka · ‎2018-08-08

You will see in mgmt tab only logs related to MDS / CMA (for example policy push, creation/modification/deletion of rule, ...).

If you want to see what happened on CLI of gateway, check /var/log/messages.

For login (authentification) logs, check /var/log/secure.

Kind regards,
Jozko Mrkvicka

View solution in original post

JozkoMrkvicka · ‎2018-08-08

You will see in mgmt tab only logs related to MDS / CMA (for example policy push, creation/modification/deletion of rule, ...).

If you want to see what happened on CLI of gateway, check /var/log/messages.

For login (authentification) logs, check /var/log/secure.

Kind regards,
Jozko Mrkvicka

Maarten_Sjouw · ‎2018-08-08

Only problem with the /var/log/messages file is the size and the number of saved revisions, which defaults to 64KB and 4 files. This can be easily adjusted with the command:

/bin/log_start limit 0 8388608 10

This will set the filesize to 8MB and the number of files to 10.

you could use the followinf command to display all login and logout entries:

cat message* | grep User

Regards, Maarten

JozkoMrkvicka · ‎2018-08-08

Or configure syslog server and send all syslog messages to it for further checks and better solution (filtering based on facility or severity).

Kind regards,
Jozko Mrkvicka

Vladimir · ‎2018-08-08

Try:

Vincent_Bacher · ‎2018-08-08

And maybe customize syslog as per sk92798 might be useful?

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Vladimir · ‎2018-08-08

Possibly, but I'm not sure how: The solution does allow for creation of additional syslog facilities and adjustments to the logs written to those, but I do not know how to specify which facility will be writing those messages to the CPlog.

Vincent_Bacher · ‎2018-08-08

If i have time, I'll test in my VM lab environment.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

Vladimir · ‎2018-08-08

Thanks! Let us know what you'll find out.

Vincent_Bacher · ‎2018-08-08

That works partially. Just added a line to /etc/syslog.conf

user.info /var/log/messages

Log in is logged (log out as well)

Time:                   2018-08-09T06:17:57Z
Id:                     0a012804-8d8e-b307-5b6b-f8b500280000
Id Generated By Indexer:true
First:                  true
Sequencenum:            2
Default Device Message: <86>sshd[12082]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Facility:               security/authorization messages
Syslog Severity:        Informational
Product Category:       OS
User:                   admin
Login Status:           succeeded
Action:                 Log In
Type:                   Log
Blade:                  Linux OS
Origin:                 gw
Product Family:         Network

and i see clish activity, for instance when deleting a route

Time:                   2018-08-09T06:18:26Z
Id:                     0a012804-8d0e-b407-5b6b-f8d20018000e
Id Generated By Indexer:true
First:                  true
Sequencenum:            2
Default Device Message: <13>clish[12138]: cmd by admin: Processing : set static-route 1.2.3.4/32 nexthop gateway address 1.1.1.1 off (cmd md5: 95155c9669bb592dc869622678b8c821)
Facility:               user-level messages
Syslog Severity:        Notice
Type:                   Log
Blade:                  Syslog
Origin:                 gw
Product Family:         Network
Description:

but i don't see expert level activity. Just set an interface down using ifconfig and up again and nothing is displayed in syslog/SmartLog.

Don't know if more can be enabled, was just a quick test, cause i was interested.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

B_P · ‎2018-12-26

Is there a way to search SmartConsole for specific changes? For example, I changed a DNS entry via Gaia web and I can see it logged in SmartConsole, but I can't return the specific log via any kind of specific search -- i.e. my username, or "DNS" or anything really.

sandeepsutar · ‎2025-11-08

Thanks for this, it saved me alot of time.

Is there a way to track webUI login? i have enabled all system logging options mentioned in your screenshot.

Regards,

Tal_Paz-Fridman · ‎2025-11-08

Gaia Portal (WebUI) login is logged as Audit Logs:

There is also a new Playblocks Automation for this:

JozkoMrkvicka · ‎2018-08-08

How to export syslog messages from Security Gateway on Gaia OS to a Log Server and view them in Smar...

Kind regards,
Jozko Mrkvicka

Are you a member of CheckMates?

Gateway cli login logs