Saving your session log is a must-have feature in my opinion. Not only for compliance/security reasons (with some companies) but it can save you (trust me on that one) in case of a human error. You can always go back and verify what was typed.
Personally, I save my logs locally, and they are also backed up automatically to the cloud for a redundant copy. They have helped me on numerous occasions to confirm integrity and will definitely help you.
In this quick tutorial (2 steps) I’ll show you where to go to enable local logging as well as the syntax to use to get a proper naming convention. This should work for both Windows and Mac users.
Open SecureCRT and go to Options > Edit Default Session
Under the Category section, locate the Log File entry and select it
Log file name – This is the directory where your logs will be stored, followed by the name of the file.
/Volumes/EHDD/Box Sync/SecureCRT_Logging/[%S][%H] – %M-%D-%Y-%hh%mm%ss.log
/Volumes/EHDD/Box Sync/SecureCRT_Logging/ – is your file directory. Create your own repository and point SecureCRT to it.
/[%S][%H] – %M-%D-%Y-%hh%mm%ss.log – is the naming convention for the file:
%S – Session name. If you have saved sessions with names it will pick that up for you.
%H – Hostname. This is typically the IP address of the host but could also be a DNS name if you leverage that. In this case you don’t need %S.
%M – Month of that session
%D – Day of that session
%Y – Year of that session
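%hh – Hour of that session (%h is the variable; the trailing h is literal text, hence 09h in the file name)
%mm – Minutes of that session (%m plus a literal m)
%ss – Seconds of that session (%s plus a literal s)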
%t – Milliseconds of that session
.log – default file extension
File output from above would look like this: [DEMO01-ASAv][10.100.16.52] – 05-17-2018-09h38m08s.log
Options – Make sure you have selected Start log upon connect AND Append to file
Custom Log Data – This is an extra (optional) piece if you want to be more granular.
Upon Connect – This line of text is written before the log capture starts, e.g.: Session Recording Start for %S [%H] – %M-%D-%Y %hh%mm%ss
Upon Disconnect – This line of text is written at the end of the capture session, e.g.: Session Recording Stop for %S [%H] – %M-%D-%Y %hh%mm%ss
On each line – This text is prepended to each line of the recorded session. Very powerful if you want a timestamp for each line, e.g. %h:%m:%s.%t
Sample output from the log file:
09:38:08.263 Session Recording Start for DEMO01-ASAv [10.100.16.52] – 05-17-2018 09h38m08s
09:38:08.348 User x logged in to Demo01-ASAv
09:38:08.348 Logins over the last 91 days: 2. Last login: 17:23:28 UTC Apr 10 2018 from 10.15.156.18
09:38:08.351 Failed logins since the last login: 1. Last failed login: 14:35:08 UTC Apr 17 2018 from 10.15.156.18
09:38:08.351 Type help or ‘?’ for a list of available commands.
09:38:09.669 Demo01-ASAv> en
09:38:10.957 Password: ********
09:38:11.164 Demo01-ASAv#
09:38:11.325 Demo01-ASAv#
09:38:11.501 Demo01-ASAv#
09:38:11.653 Demo01-ASAv#
09:38:15.937 Demo01-ASAv# sh ver | in Version
09:38:15.937 Cisco Adaptive Security Appliance Software Version 9.8(2)20
09:38:15.942 Firepower Extensible Operating System Version 2.2(2.63)
09:38:15.942 Device Manager Version 7.8(1)
09:38:20.158 Demo01-ASAv# exit
09:38:20.158
09:38:20.162 Logoff
09:38:20.163 Session Recording Stop for DEMO01-ASAv [10.100.16.52] – 05-17-2018 09h38m20s
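As an added example (not part of the original post and not SecureCRT code), the Python below parses a log in the format shown above and pulls out the session markers and the commands typed at the prompt, which is what you need when going back to verify what was typed. The sample log is constructed from the output above, and the prompt pattern (a hostname followed by > or #) is an assumption that fits Cisco-style CLIs.

```python
import re
from datetime import datetime

# Constructed sample in the format produced by the settings above:
# "On each line" = %h:%m:%s.%t, plus the Upon Connect / Upon Disconnect lines.
SAMPLE = """\
09:38:08.263 Session Recording Start for DEMO01-ASAv [10.100.16.52] - 05-17-2018 09h38m08s
09:38:08.348 User x logged in to Demo01-ASAv
09:38:09.669 Demo01-ASAv> en
09:38:10.957 Password: ********
09:38:11.164 Demo01-ASAv#
09:38:15.937 Demo01-ASAv# sh ver | in Version
09:38:15.937 Cisco Adaptive Security Appliance Software Version 9.8(2)20
09:38:20.158 Demo01-ASAv# exit
09:38:20.163 Session Recording Stop for DEMO01-ASAv [10.100.16.52] - 05-17-2018 09h38m20s
"""

# Per-line timestamp (%h:%m:%s.%t) followed by the recorded text.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) ?(.*)$")
# Start/stop marker; \S+ accepts whichever dash character separates host and date.
MARKER = re.compile(r"^Session Recording (Start|Stop) for (\S+) \[([^\]]+)\] \S+ "
                    r"(\d{2}-\d{2}-\d{4}) (\d{2})h(\d{2})m(\d{2})s$")
# Assumption: a Cisco-style prompt, "<hostname>>" or "<hostname>#", then the command.
PROMPT = re.compile(r"^([\w.-]+)[>#] ?(.*)$")

def parse_session(text):
    """Return session metadata plus every non-empty command typed at a prompt."""
    session = {"name": None, "host": None, "start": None, "stop": None, "commands": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # no per-line timestamp, so not part of this format
        stamp, body = m.groups()
        marker = MARKER.match(body)
        if marker:
            kind, name, host, date, hh, mm, ss = marker.groups()
            when = datetime.strptime(f"{date} {hh}:{mm}:{ss}", "%m-%d-%Y %H:%M:%S")
            session["name"], session["host"] = name, host
            session["start" if kind == "Start" else "stop"] = when
            continue
        prompt = PROMPT.match(body)
        if prompt and prompt.group(2).strip():  # skip bare prompts (Enter only)
            session["commands"].append((stamp, prompt.group(2).strip()))
    return session
```

A session whose "stop" value is still None after parsing ended without the Upon Disconnect line being written, which is worth a closer look during a review.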
That’s pretty much it. Let me know if it works for you or if you are having any issues. I hope you can embrace that feature since it’s a powerful add-on that I believe everybody who is on CLI all day should be leveraging.
Bart is passionate about new technologies and their impact on our lives. He does not believe in titles or amount of certifications but positive attitude and motivation. Simply the guy that makes things happen. You can reach him via LinkedIn or meet him on CSGO. Currently focusing on architecting and designing custom-build hybrid cloud solutions around IaaS, DRaaS, BaaS realm.