Exceptions for Audit Logging


New commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show control which CLI, shell, and vtysh commands are subject to auditing. Each exception exempts the commands it matches from auditing, so every exception you create is a deliberate gap in the audit trail and should be as narrow as possible.


If a command is subject to auditing, it is written to the audit log and sent to the TACACS+ server as authorization and accounting messages. A command that matches an exception is neither logged locally nor reported to TACACS+.


CLI network-admin@Spine1 > log-audit-exception-create


 

Create an audit logging exception.

cli|shell|vtysh

Specify the type of command the exception applies to.

pattern pattern-string

Specify a regular expression; commands of the given type that match it are exempt from auditing. Anchor the pattern (for example with ^) where the command text allows, because every command the pattern matches is silently dropped from the audit trail.

any|read-only|read-write

Specify the access type of the commands to exempt.

scope local|fabric

Specify whether the exception applies to this switch only or to every switch in the fabric.


CLI network-admin@Spine1 > log-audit-exception-delete


 

Delete an audit logging exception.

cli|shell|vtysh

Specify the type of the exception to delete.

pattern pattern-string

Specify the regular expression of the exception to delete.

any|read-only|read-write

Specify the access type of the exception to delete.


CLI network-admin@Spine1 > log-audit-exception-show


 

Display audit logging exceptions.

cli|shell|vtysh

Filter the displayed exceptions by type.

pattern pattern-string

Filter the displayed exceptions by regular expression.

any|read-only|read-write

Filter the displayed exceptions by access type.

scope local|fabric

Filter the displayed exceptions by scope.


By default, every command is audited except for read-only CLI commands and shell commands matching ^/usr/bin/nvmore, which is the pager for the Netvisor One CLI:


CLI (network-admin@switch) > log-audit-exception-show

switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local


To enable auditing of ALL CLI commands, including read-only show commands, delete the cli/read-only exception. Expect the audit log and the TACACS+ accounting traffic to grow accordingly, since every show command is then recorded:


CLI (network-admin@switch) > log-audit-exception-delete cli read-only
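The following is an added example, not Netvisor One code, that models the exception matching described above so you can check what an exception list silences before you apply it on a switch. It assumes that an empty pattern matches every command of the given type, that a non-empty pattern is an unanchored regular-expression search (which is why the default nvmore entry carries an explicit ^), and that the exception set is evaluated per command; the sample command lines are constructed for the example. The helper `unaudited()` is the check worth running against a representative command list whenever a new exception is proposed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class AuditException:
    """One row of log-audit-exception-show (model of the page's table)."""
    type: str     # "cli", "shell" or "vtysh"
    pattern: str  # regular expression matched against the command text
    access: str   # "any", "read-only" or "read-write"
    scope: str    # "local" or "fabric"


# The two default exceptions shown on the page.
DEFAULT_EXCEPTIONS = [
    AuditException("cli", "", "read-only", "local"),
    AuditException("shell", "^/usr/bin/nvmore", "any", "local"),
]

# Constructed sample commands: (type, command text, access type of the command).
SAMPLE_COMMANDS: List[Tuple[str, str, str]] = [
    ("cli", "switch-show", "read-only"),
    ("cli", "vlan-create id 10 scope fabric", "read-write"),
    ("shell", "/usr/bin/nvmore /var/log/messages", "read-only"),
    ("shell", "/usr/bin/rm -rf /var/log/audit", "read-write"),
    ("vtysh", "configure terminal", "read-write"),
]


def is_exempt(exc: AuditException, cmd_type: str, command: str, access: str) -> bool:
    """True if this exception exempts the command from auditing."""
    if exc.type != cmd_type:
        return False
    if exc.access != "any" and exc.access != access:
        return False
    # Assumption: empty pattern matches everything of that type; otherwise an
    # unanchored regex search, so only a leading ^ pins the match to the start.
    if exc.pattern and not re.search(exc.pattern, command):
        return False
    return True


def is_audited(exceptions: List[AuditException], cmd_type: str, command: str, access: str) -> bool:
    """A command is audited unless at least one exception matches it."""
    return not any(is_exempt(e, cmd_type, command, access) for e in exceptions)


def delete_exception(exceptions: List[AuditException], cmd_type: str, access: str,
                     pattern: str = "") -> List[AuditException]:
    """Model of log-audit-exception-delete <type> [pattern] <access>."""
    return [e for e in exceptions
            if not (e.type == cmd_type and e.access == access and e.pattern == pattern)]


def unaudited(exceptions: List[AuditException],
              commands: List[Tuple[str, str, str]]) -> List[str]:
    """Return the sample commands that would leave no audit record."""
    return [cmd for (t, cmd, a) in commands if not is_audited(exceptions, t, cmd, a)]


if __name__ == "__main__":
    print("defaults silence:", unaudited(DEFAULT_EXCEPTIONS, SAMPLE_COMMANDS))
    # log-audit-exception-delete cli read-only
    everything = delete_exception(DEFAULT_EXCEPTIONS, "cli", "read-only")
    print("after deleting cli/read-only:", unaudited(everything, SAMPLE_COMMANDS))
    # An unanchored, overly broad shell pattern silently hides destructive commands.
    broad = DEFAULT_EXCEPTIONS + [AuditException("shell", ".*", "any", "fabric")]
    print("with shell .* exception:", unaudited(broad, SAMPLE_COMMANDS))
```

Run it before creating an exception on a switch: if the candidate pattern shows up in `unaudited()` against commands you would expect an investigator to find in the log, the pattern is too broad.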