Got it

AR1220 Router Access LOG

Created: Jul 16, 2018 15:45:55Latest reply: Jul 17, 2018 05:53:07 1163 3 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
Good afternoon, my name is Valter, I am an employee of the technology company
that provides IT service within Caixa Econômica Federal in Brazil, the security
department contacted me that I was not able to access the cameras through the
network and log in to the router. Which had erased a prefix list, my question is
whether the router itself gets stored some access log to it so that it can try
to identify who excludes the line. Thanks in advance for the help.
  • x
  • convention:

Featured Answers
Sergio93
Created Jul 16, 2018 16:01:14

Hi Vlater,

Please check the output of 'display trapbuffer' or the logs from flash for this log :
SHELL/5/CMDRECORD:Recorded command information. (Task=[string], Ip=[string], VpnName=[STRING], User=[string], AuthenticationMethod="[STRING]", Command="[string]")

http://support.huawei.com/hedex/hdx.do?docid=EDOC1000163385&id=SHELL_CMDRECORD&text=SHELL%2F5%2FCMDRECORD&lang=en

There you can see the user who applied that command.
Hope it helps you.
View more
  • x
  • convention:

StarOfWest
Created Jul 17, 2018 05:53:07

You can try to locate the log location using the following command sequence.
<Huawei> save logfile
<Huawei> display info-center logfile path
Info: Logfile save path is usb0:/logfile

Then you can use FTP to transfer the log.log file into your computer to have an in-depth check.
Also, if you want to check logs from months ago, you may need to download the archives that are corresponding with that period.
Router is doing some automatic archiving in order to spare the space on the disk.
View more

Rating

Number of participants 1E-coins +5 Collapse Reasons
WoodWood WoodWood + 5 Awesome!

View All scores

  • x
  • convention:

All Answers
Sergio93
Sergio93 Created Jul 16, 2018 16:01:14

Hi Vlater,

Please check the output of 'display trapbuffer' or the logs from flash for this log :
SHELL/5/CMDRECORD:Recorded command information. (Task=[string], Ip=[string], VpnName=[STRING], User=[string], AuthenticationMethod="[STRING]", Command="[string]")

http://support.huawei.com/hedex/hdx.do?docid=EDOC1000163385&id=SHELL_CMDRECORD&text=SHELL%2F5%2FCMDRECORD&lang=en

There you can see the user who applied that command.
Hope it helps you.
View more
  • x
  • convention:

valterjrsam
valterjrsam Created Jul 16, 2018 20:20:53

Thanks for the reply, but I could not find any log with this information, it could have been the case that after the configuration they were not saved and with this was lost what was configured (but it is not the case was as below the router is to 11 weeks up), very strange this, because I'm absolutely sure it was deleted by some person, the problem is to know who it was, you have another solution to try to find out?

The only entries after the 'display trapbuffer' command are:
=======================================

ARP/4/ARP_IPCONFLICT_TRAP
ENTITYTRAP/4/CPUUSAGERESUME
L2IFPPI/4/ILLEGAL_MAC_TRAP
ENTMIB/4/TRAP
LLDP/4/ADDCHGTRAP


active time
=======

<AM4575RA1.am.caixa>dis ver
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.160 (AR1200 V200R007C00SPC900)
Copyright (C) 2011-2016 HUAWEI TECH CO., LTD
Huawei AR1220 Router uptime is 11 weeks, 5 days, 7 hours, 55 minutes

content of my flash
=============

Idx Attr Size(Byte) Date Time(LMT) FileName
0 -rw- 304,700 Sep 16 2014 20:31:47 sacrule.dat
1 -rw- 5,814 Jul 16 2018 15:50:14 vrpcfg.zip
2 -rw- 0 May 07 2014 04:04:10 brdxpon_snmp_cfg.efs
3 -rw- 41,600 Sep 16 2014 21:29:08 ar1220_v200r005c00hp0002.pat
4 drw- - May 07 2014 04:05:46 dhcp
5 -rw- 2,976 Apr 25 2018 09:18:55 mon_file.txt
6 -rw- 1,260 May 07 2014 04:06:46 rsa_host_key.efs
7 -rw- 540 May 07 2014 04:06:53 rsa_server_key.efs
8 -rw- 1,467 Jul 16 2018 15:50:21 private-data.txt
9 -rw- 17,280 Mar 20 2017 13:29:13 ar1220-v200r007sph001.pat
10 -rw- 3,072 Oct 30 2014 18:19:32 Boot_LogFile
11 -rw- 104,163,840 Sep 08 2016 18:01:30 ar1220-v200r005c00spc2002.cc
12 -rw- 4,323 May 31 2017 18:51:34 iascfg_autobackup.zip
13 -rw- 104,520,320 Mar 20 2017 13:56:18 ar1220-v200r007c00spc900.cc
14 drw- - May 31 2017 18:54:35 update
15 drw- - May 31 2017 18:56:56 localuser
View more
  • x
  • convention:

StarOfWest
StarOfWest Created Jul 17, 2018 05:53:07

You can try to locate the log location using the following command sequence.
<Huawei> save logfile
<Huawei> display info-center logfile path
Info: Logfile save path is usb0:/logfile

Then you can use FTP to transfer the log.log file into your computer to have an in-depth check.
Also, if you want to check logs from months ago, you may need to download the archives that are corresponding with that period.
Router is doing some automatic archiving in order to spare the space on the disk.
View more

Rating

Number of participants 1E-coins +5 Collapse Reasons
WoodWood WoodWood + 5 Awesome!

View All scores

  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.