AR1220 Router Access LOG

Hi Vlater,

Please check the output of 'display trapbuffer' or the logs from flash for this log :
SHELL/5/CMDRECORD:Recorded command information. (Task=[string], Ip=[string], VpnName=[STRING], User=[string], AuthenticationMethod="[STRING]", Command="[string]")

http://support.huawei.com/hedex/hdx.do?docid=EDOC1000163385&id=SHELL_CMDRECORD&text=SHELL%2F5%2FCMDRECORD&lang=en

There you can see the user who applied that command.
Hope it helps you.

Thanks for the reply, but I could not find any log with this information, it could have been the case that after the configuration they were not saved and with this was lost what was configured (but it is not the case was as below the router is to 11 weeks up), very strange this, because I'm absolutely sure it was deleted by some person, the problem is to know who it was, you have another solution to try to find out?

The only entries after the 'display trapbuffer' command are:
=======================================

ARP/4/ARP_IPCONFLICT_TRAP
ENTITYTRAP/4/CPUUSAGERESUME
L2IFPPI/4/ILLEGAL_MAC_TRAP
ENTMIB/4/TRAP
LLDP/4/ADDCHGTRAP


active time
=======

<AM4575RA1.am.caixa>dis ver
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (AR1200 V200R007C00SPC900)
Copyright (C) 2011-2016 HUAWEI TECH CO., LTD
Huawei AR1220 Router uptime is 11 weeks, 5 days, 7 hours, 55 minutes

content of my flash
=============

Idx Attr Size(Byte) Date Time(LMT) FileName
0 -rw- 304,700 Sep 16 2014 20:31:47 sacrule.dat
1 -rw- 5,814 Jul 16 2018 15:50:14 vrpcfg.zip
2 -rw- 0 May 07 2014 04:04:10 brdxpon_snmp_cfg.efs
3 -rw- 41,600 Sep 16 2014 21:29:08 ar1220_v200r005c00hp0002.pat
4 drw- - May 07 2014 04:05:46 dhcp
5 -rw- 2,976 Apr 25 2018 09:18:55 mon_file.txt
6 -rw- 1,260 May 07 2014 04:06:46 rsa_host_key.efs
7 -rw- 540 May 07 2014 04:06:53 rsa_server_key.efs
8 -rw- 1,467 Jul 16 2018 15:50:21 private-data.txt
9 -rw- 17,280 Mar 20 2017 13:29:13 ar1220-v200r007sph001.pat
10 -rw- 3,072 Oct 30 2014 18:19:32 Boot_LogFile
11 -rw- 104,163,840 Sep 08 2016 18:01:30 ar1220-v200r005c00spc2002.cc
12 -rw- 4,323 May 31 2017 18:51:34 iascfg_autobackup.zip
13 -rw- 104,520,320 Mar 20 2017 13:56:18 ar1220-v200r007c00spc900.cc
14 drw- - May 31 2017 18:54:35 update
15 drw- - May 31 2017 18:56:56 localuser

You can try to locate the log location using the following command sequence.
<Huawei> save logfile
<Huawei> display info-center logfile path
Info: Logfile save path is usb0:/logfile

Then you can use FTP to transfer the log.log file into your computer to have an in-depth check.
Also, if you want to check logs from months ago, you may need to download the archives that are corresponding with that period.
Router is doing some automatic archiving in order to spare the space on the disk.