Exceptions for Audit Logging
The commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show are used to control which CLI, shell and vtysh commands are subject to auditing. If a command is subject to auditing, the command is logged in the audit log and sent to the TACACS+ server as authorization and accounting messages.
To create an audit logging exception, use the command:
CLI (network-admin@switch) > log-audit-exception-create cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric
Parameter | Description
cli|shell|vtysh | Specify the type of audit exception
[pattern pattern-string] | Specify the regular expression to match exceptions
[any|read-only|read-write] | Specify the access type to match exceptions
scope local|fabric | Specify the scope (local or fabric) for the exception
To delete an audit logging exception, use the command:
CLI (network-admin@switch) > log-audit-exception-delete cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write]
To display the audit logging exceptions, use the command:
CLI (network-admin@switch) > log-audit-exception-show cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric
By default, every command is audited except for read-only CLI commands and the shell command ^/usr/bin/nvmore, which is the pager used by nvOS_cli:
CLI (network-admin@switch) > log-audit-exception-show
switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local
To enable auditing of ALL CLI commands, you can delete the read-only/CLI exception:
CLI (network-admin@switch) > log-audit-exception-delete cli read-only
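Because every exception is a gap in the audit trail that also never reaches the TACACS+ accounting log, it is worth checking the configured exceptions from a compliance script rather than by eye. The following Python is an added example, not part of the product or this page: it parses the tabular output of log-audit-exception-show (using the dashed separator row to find column boundaries, so an empty pattern cell is handled) and reports which command classes are left unaudited. The sample output is constructed from the two defaults shown above plus a hypothetical third exception; the function names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on the log-audit-exception-show output above:
# the two default exceptions plus a hypothetical shell exception with a
# broad pattern and fabric scope.
SAMPLE_SHOW_OUTPUT = """\
switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local
switch shell ^/usr/bin/       any       fabric
"""

# The page documents these as the two exceptions present out of the box.
DEFAULT_PAGER_PATTERN = "^/usr/bin/nvmore"


@dataclass
class AuditException:
    switch: str
    type: str      # cli | shell | vtysh
    pattern: str   # regular expression, may be empty
    access: str    # any | read-only | read-write
    scope: str     # local | fabric


def _column_spans(dash_line: str):
    """Each run of '-' in the separator row marks one column's extent."""
    return [(m.start(), m.end()) for m in re.finditer(r"-+", dash_line)]


def parse_show_output(text: str) -> List[AuditException]:
    """Parse the header/separator/rows layout into AuditException records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, dashes, rows = lines[0], lines[1], lines[2:]
    spans = _column_spans(dashes)
    names = [header[s:e].strip() for s, e in spans]
    parsed = []
    for row in rows:
        cells = {}
        for i, ((s, e), name) in enumerate(zip(spans, names)):
            # The last column takes the rest of the line so a wide value
            # (for example a long scope or pattern) is never truncated.
            end = None if i == len(spans) - 1 else e
            cells[name] = row[s:end].strip()
        parsed.append(AuditException(**cells))
    return parsed


def review_exceptions(exceptions: List[AuditException]) -> List[str]:
    """Return one finding per exception that suppresses auditing.

    The default read-only CLI exception is reported so an operator can decide
    whether to delete it (as the page shows); the pager exception is skipped;
    any other exception with access 'any' or 'read-write' is flagged because
    commands that change state will match it and go unlogged.
    """
    findings = []
    for ex in exceptions:
        if ex.type == "cli" and ex.access == "read-only" and not ex.pattern:
            findings.append(
                "default exception present: read-only CLI commands are not audited"
            )
        elif ex.access in ("any", "read-write"):
            if ex.pattern == DEFAULT_PAGER_PATTERN:
                continue  # documented default for the nvOS_cli pager
            findings.append(
                f"{ex.type} commands matching {ex.pattern!r} with access "
                f"{ex.access} are not audited (scope {ex.scope})"
            )
    return findings


if __name__ == "__main__":
    for finding in review_exceptions(parse_show_output(SAMPLE_SHOW_OUTPUT)):
        print("FINDING:", finding)
```

Feed it the real output of log-audit-exception-show captured from the switch; an empty findings list means every command class except the pager is audited, which is the state reached after the log-audit-exception-delete cli read-only command above.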