How to enable RSCD agent keystroke logging
Keystroke logging lets you capture keystrokes sent to an RSCD agent after the nexec command is launched. Prior to keystroke logging, someone could enter a command like this:
nexec -i -e bash
which would launch bash on the remote system. Subsequent commands would not be captured by the RSCD agent logs until the nexec command completed or was exited (bash in the example above). Therefore, someone could launch a shell on the remote target and execute commands, and the agent logs would not capture the commands.
With keystroke logging enabled, you can capture any commands that happen after the nexec command is launched. In this way, all commands sent to a target over NSH are captured in either the NSH logs or the keystroke logs.
It is important to note that keystroke logging on the agent does not capture NSH commands. Only commands issued through nexec are captured in the keystroke logs. For example:
NSH then cd //server, ls -al will NOT be logged
NEXEC server "ls -al" WILL be logged
Normal NSH commands are captured in the agent log. Keystroke logging is only for nexec commands.
Enabling keystroke logging
During Installation
To enable keystroke logging, choose yes for the following option during installation:
Do you wish to use keystroke logs for nexec commands (y/n)?
Post-Installation
To activate keystroke logging after installation, remove comments from the following lines in the log4crc.txt file and then restart the agent.
Example:
<!-- appender name="/opt/bmc/BladeLogic/8.9/NSH/log/keystroke.log" type="encrypt" rollsize="10000000" rolltimeinsec="2419200" rollmaxfiles="10" layout="rawtime" certfile="/etc/rsc/certificate.pem" privatekeyfile="/etc/rsc/certificate.pem"/-->
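The post-installation step above can be verified with a small check that reports whether the keystroke appender in a log4crc.txt is active or still commented out. This is an added example, not BMC's code: it assumes that removing the comment markers turns the line into an <appender .../> element, the function names are hypothetical, and the sample inputs are constructed from the appender line shown above.

```python
import re
import sys

# Constructed samples built from the appender line on this page (not real agent files).
APPENDER = ('appender name="/opt/bmc/BladeLogic/8.9/NSH/log/keystroke.log" type="encrypt" '
            'rollsize="10000000" rolltimeinsec="2419200" rollmaxfiles="10" layout="rawtime" '
            'certfile="/etc/rsc/certificate.pem" privatekeyfile="/etc/rsc/certificate.pem"/')
SAMPLE_DISABLED = "<!-- " + APPENDER + "-->\n"   # as shipped: still commented out
SAMPLE_ENABLED = "<" + APPENDER + ">\n"          # assumption: the uncommented form

COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)
APPENDER_RE = re.compile(r"<\s*appender\b([^>]*?)/?>", re.DOTALL)
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')

def keystroke_appender_status(text):
    """Return (status, attrs); status is 'enabled', 'commented_out' or 'missing'."""
    active = COMMENT_RE.sub("", text)            # drop everything inside XML comments
    for match in APPENDER_RE.finditer(active):
        attrs = dict(ATTR_RE.findall(match.group(1)))
        if attrs.get("name", "").endswith("keystroke.log"):
            return "enabled", attrs
    for comment in COMMENT_RE.findall(text):     # not active: is it merely commented out?
        attrs = dict(ATTR_RE.findall(comment))
        if attrs.get("name", "").endswith("keystroke.log"):
            return "commented_out", attrs
    return "missing", {}

def audit(text):
    """Return a list of findings; an empty list means the appender is active and complete."""
    status, attrs = keystroke_appender_status(text)
    if status != "enabled":
        return [f"keystroke appender is {status}: nexec sessions are not keystroke-logged"]
    findings = []
    if attrs.get("type") != "encrypt":
        findings.append(f"type is {attrs.get('type')!r}, the page's example uses 'encrypt'")
    for key in ("certfile", "privatekeyfile"):
        if not attrs.get(key):
            findings.append(f"{key} is not set")
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:                        # path to a log4crc.txt to check
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            inputs = {sys.argv[1]: fh.read()}
    else:
        inputs = {"disabled sample": SAMPLE_DISABLED, "enabled sample": SAMPLE_ENABLED}
    for label, text in inputs.items():
        print(label, "->", audit(text) or "OK")
```

Pass the path to log4crc.txt as the first argument to check a real file. A file that passes the check still takes effect only after the agent restart described above.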
Comments
Post-installation instructions for activating keystroke logging reference the log4crc.txt file, yet on one of my servers the appenders are clearly being defined in log4crc.internal.txt. What's the difference between these two files? Are both relevant?
Also, the references to where the rsc files are located are wrong. Recent versions of the agent usually put them under /etc/rsc.
Hi Drew,
You can ignore the log4crc.internal.txt file. It is for internal handling only and must not be modified.
The rsc file references have been corrected.