This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

How to enable RSCD agent keystroke logging

This topic was edited by a BMC Contributor and has not been approved.  More information.

Keystroke logging lets you capture keystrokes sent to an RSCD agent after the nexec command is launched. Prior to keystroke logging, someone could enter a command like this:

nexec -i -e bash

which would launch bash on the remote system. Subsequent commands would not be captured by the RSCD agent logs, until the nexec command completed or was exited (bash in the example above). Therefore, someone could launch a shell on the remote target and execute commands, and the agent logs would not capture the commands.

With keystroke logging enabled, you can capture any commands that happen after the nexec command is launched. In this way, all commands sent to a target over NSH are captured in either the NSH logs or the keystroke logs.

It is important to note that keystroke logging on the agent does not capture NSH commands. Only log commands issued through nexec are captured in the keystroke logs. For example:

NSH then cd //server, ls \-al will NOT be logged
NEXEC server "ls \-al" WILL be logged

Normal NSH commands are captured in the agent log. Keystroke logging is only for nexec commands.

Enabling keystroke logging

During Installation

To enable keystroke logging, chose yes for the following option during installation:

Do you wish to use keystroke logs for nexec commands (y/n)?


To activate keystroke logging after installation, remove comments from the following lines in the log4crc.txt file and then restart the agent.

<\!-- appender name="/opt/bmc/BladeLogic/8.9/NSH/log/keystroke.log" type="encrypt" rollsize="10000000" rolltimeinsec="2419200" rollmaxfiles="10" layout="rawtime" certfile="/etc/rsc/certificate.pem" privatekeyfile="/etc/rsc/certificate.pem"/-->
Was this page helpful? Yes No Submitting... Thank you


  1. Drew Trachy

    Post-installation instructions for activating keystroke logging reference the log4crc.txt file, yet on one of my servers the appenders are clearly being defined in log4crc.internal.txt. What's the difference between these two files? Are both relevant?

    Also, the references to where the rsc files are wrong. Recent versions of the agent usually put them under /etc/rsc.

    Jan 15, 2020 03:33
    1. Bipin Inamdar

      Hi Drew,

      You can ignore the log4crc.internal.txt file. It is for internal handling only and must not be modified.

      The rsc file references have been corrected.

      Dec 29, 2020 04:51