CommandLog_Command
The CommandLog_Command log records every command run during SSH/TELNET sessions.
If users execute a black key (blocked command) or white key (allowed command), the related log is labeled as allowed=false and allowed=true, respectively. The table below shows the information sent with this log.
Field | Description |
---|---|
sessionId | Specific id of the log in the Kron PAM database. |
username | The username used to log in to Kron PAM and execute the command. |
Host | Kron PAM Host IP. |
sessionStartTime | The time when the session started. |
sessionEndTime | The time when the session finished. |
globalUserName | GlobalUserName used for authentication. |
clientIp | Source IP of the device that executed the command. |
commandTime | The exact time the command was executed. |
command | Executed command. |
Allowed | Shows whether the executed command is allowed by the administrator. If allowed=true, the command is authorized and can be executed. If allowed=false, the command is unauthorized and can't be executed. |
instanceName | The name of the instance that executed the command. |
Allowed Commands
Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|{sessionId='395e663a5fcf7b3670efa5b3', userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:51:51.795, sessionEndTime=2021-04-01 11:52:27.019, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:52:10.221, command\='ls', allowed\=true, instanceName='d-scon01'} |
Blocked Commands
Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|{sessionId\='395e663a5fcf7b3670efa5b3', userName\='admin', host\='83.91.179.22', sessionStartTime\=2021-04-01 11:51:51.795, sessionEndTime\=2021-04-01 11:52:27.019, globalUserName\='pam-test11', clientIp\='62.242.222.57', commandTime\=2021-04-01 11:52:12.159, command\='date', allowed\=false, instanceName\='d-scon01'} |
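A parser for the two sample lines above, for use on the receiving (SIEM) side. This is an added example, not Kron PAM code. It assumes the field order is fixed as in both samples; the names `parse_command_log` and `blocked_commands` and the third sample line are constructed for illustration.

```python
import re

# Field order as it appears in both sample lines on this page (assumed fixed).
ORDER = ("sessionId", "userName", "host", "sessionStartTime", "sessionEndTime",
         "globalUserName", "clientIp", "commandTime", "command", "allowed",
         "instanceName")

def _group(key):
    # "command" is greedy: its text may contain ", " or "=", so everything up
    # to the LAST ", allowed=" belongs to the command. "=" may be written "\=".
    return rf"{key}\\?=(?P<{key}>{'.*' if key == 'command' else '.*?'})"

BODY_RE = re.compile(r"^\{" + ", ".join(map(_group, ORDER)) + r"\}\s*\|?\s*$")

def _unquote(value):
    if len(value) >= 2 and value[0] == value[-1] == "'":
        value = value[1:-1]              # drop only the outer pair of quotes
    return value.replace("\\=", "=")     # CEF writes "=" in values as "\="

def parse_command_log(line):
    """Return the fields of one CommandLog_Command line as a dict, or None."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = line[start:].split("|", 7)   # 7 header fields; command may hold "|"
    if len(parts) != 8 or parts[5] != "CommandLog_Command":
        return None
    match = BODY_RE.match(parts[7].strip())
    if match is None:
        return None
    record = {key: _unquote(val) for key, val in match.groupdict().items()}
    record["allowed"] = record["allowed"] == "true"
    return record

def blocked_commands(lines):
    """Return (globalUserName, clientIp, commandTime, command) per blocked command."""
    records = filter(None, map(parse_command_log, lines))
    return [(r["globalUserName"], r["clientIp"], r["commandTime"], r["command"])
            for r in records if not r["allowed"]]

HDR = ("1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - "
       "CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|")
# The two sample lines from this page, then one constructed line (documentation IPs).
PAGE_ALLOWED = HDR + r"{sessionId='395e663a5fcf7b3670efa5b3', userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:51:51.795, sessionEndTime=2021-04-01 11:52:27.019, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:52:10.221, command\='ls', allowed\=true, instanceName='d-scon01'}"
PAGE_BLOCKED = HDR + r"{sessionId\='395e663a5fcf7b3670efa5b3', userName\='admin', host\='83.91.179.22', sessionStartTime\=2021-04-01 11:51:51.795, sessionEndTime\=2021-04-01 11:52:27.019, globalUserName\='pam-test11', clientIp\='62.242.222.57', commandTime\=2021-04-01 11:52:12.159, command\='date', allowed\=false, instanceName\='d-scon01'}"
CONSTRUCTED = HDR + r"{sessionId\='000000000000000000000000', userName\='admin', host\='192.0.2.10', sessionStartTime\=2021-04-01 11:51:51.795, sessionEndTime\=2021-04-01 11:52:27.019, globalUserName\='example-user', clientIp\='198.51.100.7', commandTime\=2021-04-01 11:52:15.000, command\='echo 'a, allowed\=true' | wc -c', allowed\=false, instanceName\='d-scon01'}"

if __name__ == "__main__":
    print(blocked_commands([PAGE_ALLOWED, PAGE_BLOCKED, CONSTRUCTED]))
```

Because the command text is free-form, the parser reads the `allowed` flag from the end of the record rather than from the first `allowed=` it encounters.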