How to enable RSCD agent keystroke logging
Keystroke logging lets you capture keystrokes sent to an RSCD agent after the
nexec command is launched. Prior to keystroke logging, someone could enter a command like this:
nexec -i -e bash
which would launch bash on the remote system. Subsequent commands would not be captured by the RSCD agent logs, until the
nexec command completed or was exited (
bash in the example above). Therefore, someone could launch a shell on the remote target and execute commands, and the agent logs would not capture the commands.
With keystroke logging enabled, you can capture any commands that happen after the
nexec command is launched. In this way, all commands sent to a target over NSH are captured in either the NSH logs or the keystroke logs.
It is important to note that keystroke logging on the agent does not capture NSH commands. Only log commands issued through
nexec are captured in the keystroke logs. For example:
NSH then cd //server, ls \-al will NOT be logged NEXEC server "ls \-al" WILL be logged
Normal NSH commands are captured in the agent log. Keystroke logging is only for
Enabling keystroke logging
To enable keystroke logging, chose yes for the following option during installation:
Do you wish to use keystroke logs for nexec commands (y/n)?
To activate keystroke logging after installation, remove comments from the following lines in the log4crc.txt file and then restart the agent.
Example: <\!-- appender name="/opt/bmc/BladeLogic/8.9/NSH/log/keystroke.log" type="encrypt" rollsize="10000000" rolltimeinsec="2419200" rollmaxfiles="10" layout="rawtime" certfile="/etc/rsc/certificate.pem" privatekeyfile="/etc/rsc/certificate.pem"/-->