CommandLog_Command

The CommandLog_Command log records every command run during SSH/TELNET sessions.

When a user executes a black key (blocked command) or a white key (allowed command), the related log is labeled allowed=false or allowed=true, respectively. The table below shows the information sent with this log.

Field | Description
sessionId | Specific ID of the log in the Kron PAM database.
userName | The username used to log in to Kron PAM and execute the command.
host | Kron PAM host IP.
sessionStartTime | The time when the session started.
sessionEndTime | The time when the session finished.
globalUserName | GlobalUserName used for authentication.
clientIp | Source IP of the device that executed the command.
commandTime | The exact time the command was executed.
command | Executed command.
allowed | Shows whether the executed command is allowed by the administrator. If allowed=true, the command is authorized and can be executed. If allowed=false, the command is unauthorized and can't be executed.
instanceName | The name of the instance that executed the command.

Allowed Commands

Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message

1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|{sessionId='395e663a5fcf7b3670efa5b3', userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:51:51.795, sessionEndTime=2021-04-01 11:52:27.019, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:52:10.221, command\='ls', allowed\=true, instanceName='d-scon01'}

Blocked Commands

Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message

1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|{sessionId\='395e663a5fcf7b3670efa5b3', userName\='admin', host\='83.91.179.22', sessionStartTime\=2021-04-01 11:51:51.795, sessionEndTime\=2021-04-01 11:52:27.019, globalUserName\='pam-test11', clientIp\='62.242.222.57', commandTime\=2021-04-01 11:52:12.159, command\='date', allowed\=false, instanceName\='d-scon01'}
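A SIEM-side parser for the two messages above, as an added example that is not Kron PAM code. The function names are hypothetical, and it assumes the fields always arrive in the order shown in the samples, ending with allowed and instanceName.

```python
import re

# Field names exactly as they appear in the sample messages on this page.
KEYS = ["sessionId", "userName", "host", "sessionStartTime", "sessionEndTime",
        "globalUserName", "clientIp", "commandTime", "command", "allowed",
        "instanceName"]

def _field(key):
    # "=" may arrive as "=" or "\=" (both forms occur in the samples). `command`
    # is matched greedily so that `allowed` is always read from the last
    # "allowed=" in the record, never from text inside the command itself.
    return r"%s\\?=(?P<%s>%s)" % (key, key, ".*" if key == "command" else ".*?")

BODY = re.compile(r"\{" + ", ".join(_field(k) for k in KEYS) + r"\}", re.S)

def _unquote(value):
    quoted = len(value) >= 2 and value[0] == value[-1] == "'"
    return value[1:-1] if quoted else value

def parse_command_log(line):
    """Return one CommandLog_Command record as a dict, or None if it is not one."""
    # 7 CEF header fields, then the body; maxsplit keeps "|" inside commands.
    parts = line.partition("CEF:")[2].split("|", 7)
    if len(parts) != 8 or parts[5] != "CommandLog_Command":
        return None
    match = BODY.fullmatch(parts[7].strip())
    if match is None:
        return None
    event = {key: _unquote(value) for key, value in match.groupdict().items()}
    # Fail closed: anything other than the literal "true" counts as blocked.
    event["allowed"] = event["allowed"] == "true"
    return event

def blocked_commands(lines):
    """Return the parsed records whose command was blocked (allowed=false)."""
    events = (parse_command_log(line) for line in lines)
    return [event for event in events if event and not event["allowed"]]

# The two sample messages from this page (allowed, then blocked); both share
# this syslog + CEF header.
HEADER = ("1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command "
          "- - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_Command|10|")
SAMPLES = [
    HEADER + r"{sessionId='395e663a5fcf7b3670efa5b3', userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:51:51.795, sessionEndTime=2021-04-01 11:52:27.019, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:52:10.221, command\='ls', allowed\=true, instanceName='d-scon01'}",
    HEADER + r"{sessionId\='395e663a5fcf7b3670efa5b3', userName\='admin', host\='83.91.179.22', sessionStartTime\=2021-04-01 11:51:51.795, sessionEndTime\=2021-04-01 11:52:27.019, globalUserName\='pam-test11', clientIp\='62.242.222.57', commandTime\=2021-04-01 11:52:12.159, command\='date', allowed\=false, instanceName\='d-scon01'}",
]

if __name__ == "__main__":
    for event in blocked_commands(SAMPLES):
        print(event["globalUserName"], event["clientIp"], event["command"])
```

An alert rule can key on the records returned by blocked_commands, grouping by globalUserName and clientIp to surface repeated blocked attempts within one session.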