Exceptions for Audit Logging

The commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show are used to control which CLI, shell and vtysh commands are subject to auditing. If a command is subject to auditing, the command is logged in the audit log and sent to the TACACS+ server as authorization and accounting messages.

To create an audit logging exception, use the command:

CLI (network-admin@switch) > log-audit-exception-create cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric

cli|shell|vtysh

Specify the type of audit exception

[pattern pattern-string]

Specify the regular expression to match exceptions

[any|read-only|read-write]

Specify the access type to match exceptions

scope local|fabric

Specify the scope (local or fabric) for the exception

To delete an audit logging exception, use the command:

CLI (network-admin@switch) > log-audit-exception-delete cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write]

To display the audit logging exception, use the command:

CLI (network-admin@switch) > log-audit-exception-show cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric

By default, every command is audited except for read-only CLI commands and the shell command ^/usr/bin/nvmore, which is the pager used by nvOS_cli:

CLI (network-admin@switch) > log-audit-exception-show

switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local

To enable auditing of ALL CLI commands, you can delete the read-only/CLI exception:

CLI (network-admin@switch) > log-audit-exception-delete cli read-only
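
Every exception is a set of commands that never reaches the audit log or the TACACS+ server, so the exception list is worth reviewing against the two documented defaults. The following is an added example, not part of the Netvisor documentation: it parses the log-audit-exception-show output shown above and reports any exception beyond those defaults. The fixed-width layout is assumed from the output on this page, and the ^/bin/ row in the sample is constructed for illustration.

```python
import re

# Constructed sample: the default output shown on this page plus one
# hypothetical extra exception (the "^/bin/" row is invented).
SAMPLE = """\
switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local
switch shell ^/bin/           any       fabric
"""

# The two exceptions the documentation lists as present by default.
DEFAULTS = {("cli", "", "read-only"), ("shell", "^/usr/bin/nvmore", "any")}


def parse_exceptions(text):
    """Parse the fixed-width show output into a list of dicts.

    Column spans come from the dashed ruler row, so an empty pattern
    cell (the cli/read-only row) does not shift the later columns.
    Blank lines between rows are ignored.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, ruler, rows = lines[0], lines[1], lines[2:]
    spans = [m.span() for m in re.finditer(r"-+", ruler)]
    names = [header[a:b].strip() for a, b in spans]
    parsed = []
    for row in rows:
        cells = []
        for i, (a, b) in enumerate(spans):
            end = b if i < len(spans) - 1 else None  # last column may overflow
            cells.append(row[a:end].strip())
        parsed.append(dict(zip(names, cells)))
    return parsed


def non_default(exceptions):
    """Return exceptions that are not among the documented defaults."""
    return [e for e in exceptions
            if (e["type"], e["pattern"], e["access"]) not in DEFAULTS]


if __name__ == "__main__":
    for e in non_default(parse_exceptions(SAMPLE)):
        print("review: unaudited", e["type"], repr(e["pattern"]),
              e["access"], "scope", e["scope"])
```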