Exceptions for Audit Logging


The commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show are used to control which CLI, shell and vtysh commands are subject to auditing. If a command is subject to auditing, the command is logged in the audit log and sent to the TACACS+ server as authorization and accounting messages.


To create an audit logging exception, use the command:


CLI (network-admin@switch) > log-audit-exception-create cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric


cli|shell|vtysh
Specify the type of command the exception applies to: CLI, shell or vtysh.

[pattern pattern-string]
Specify the regular expression that a command must match for the exception to apply.

[any|read-only|read-write]
Specify the access type that a command must have for the exception to apply.

scope local|fabric
Specify the scope (local or fabric) of the exception.


To delete an audit logging exception, use the command:


CLI (network-admin@switch) > log-audit-exception-delete cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write]


To display the audit logging exception, use the command:


CLI (network-admin@switch) > log-audit-exception-show cli|shell|vtysh [pattern pattern-string] [any|read-only|read-write] scope local|fabric


By default, every command is audited except for read-only CLI commands and the shell command ^/usr/bin/nvmore, which is the pager used by nvOS_cli:


CLI (network-admin@switch) > log-audit-exception-show

switch type  pattern          access    scope
------ ----- ---------------- --------- -----
switch cli                    read-only local
switch shell ^/usr/bin/nvmore any       local


To enable auditing of all CLI commands, delete the read-only CLI exception:


CLI (network-admin@switch) > log-audit-exception-delete cli read-only
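The following is an added example, not code from the switch or from this documentation, that models how the exception table above decides whether a given command is written to the audit log. It lets an operator check audit coverage before and after removing the read-only CLI exception. It assumes that the pattern is applied as a regular expression search against the command text (so the ^ anchor in ^/usr/bin/nvmore only matches commands that start with the pager), that the access type any matches commands of every access type, and that log-audit-exception-delete removes the entry whose type, pattern and access type all match; the command list and the names AuditException, is_audited and delete_exception are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AuditException:
    """One row of log-audit-exception-show (model for this example)."""
    kind: str                  # "cli", "shell" or "vtysh"
    pattern: Optional[str]     # regular expression, or None when no pattern was given
    access: str                # "any", "read-only" or "read-write"
    scope: str = "local"       # "local" or "fabric"


# The two default exceptions shown by log-audit-exception-show on a fresh switch.
DEFAULT_EXCEPTIONS: List[AuditException] = [
    AuditException("cli", None, "read-only"),
    AuditException("shell", "^/usr/bin/nvmore", "any"),
]


def matches(exc: AuditException, kind: str, command: str, access: str) -> bool:
    """True when the exception covers this command (assumed matching rules)."""
    if exc.kind != kind:
        return False
    # Assumption: access type "any" on the exception matches every command.
    if exc.access != "any" and exc.access != access:
        return False
    # Assumption: the pattern is a regular expression searched in the command text.
    if exc.pattern is not None and re.search(exc.pattern, command) is None:
        return False
    return True


def is_audited(kind: str, command: str, access: str,
               exceptions: List[AuditException]) -> bool:
    """A command is audited (logged and sent to TACACS+) unless some exception covers it."""
    return not any(matches(e, kind, command, access) for e in exceptions)


def delete_exception(exceptions: List[AuditException], kind: str,
                     pattern: Optional[str] = None,
                     access: str = "any") -> List[AuditException]:
    """Model of log-audit-exception-delete: drop the entry with matching type, pattern and access."""
    return [e for e in exceptions
            if not (e.kind == kind and e.pattern == pattern and e.access == access)]


def audit_report(commands, exceptions: List[AuditException]) -> dict:
    """Map each (kind, command) to whether it would be audited under the given exceptions."""
    return {(kind, cmd): is_audited(kind, cmd, access, exceptions)
            for kind, cmd, access in commands}


if __name__ == "__main__":
    # Constructed sample commands with their assumed access types.
    sample = [
        ("cli", "vlan-show", "read-only"),
        ("cli", "vlan-create id 10 scope local", "read-write"),
        ("shell", "/usr/bin/nvmore /var/log/messages", "read-write"),
        ("shell", "/bin/cat /usr/bin/nvmore", "read-write"),   # pager name not at start
        ("vtysh", "show ip route", "read-only"),               # no vtysh exception by default
    ]
    print("default exceptions:")
    for key, audited in audit_report(sample, DEFAULT_EXCEPTIONS).items():
        print(f"  {key[0]:5} {key[1]:40} audited={audited}")

    # Equivalent of: log-audit-exception-delete cli read-only
    all_cli = delete_exception(DEFAULT_EXCEPTIONS, "cli", None, "read-only")
    print("after deleting the read-only CLI exception:")
    for key, audited in audit_report(sample, all_cli).items():
        print(f"  {key[0]:5} {key[1]:40} audited={audited}")
```

Note that the anchored pattern is what keeps the nvmore exception narrow: a shell command that merely mentions the pager path elsewhere in its arguments is still audited, while any invocation that starts with the pager is not.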