Monitoring, Management & Location Tracking

How to track the AMP CLI user's login

Aruba Employee
Q:

How could we verify the time and authentication status of a Airwave CLI users.



A:

Login as root to the AMP CLI and navigate to the '/var/log/' directory. Open the 'secure' log file using less or more:

# less secure

In this file, you could see below logs when user attempts to login using the username and from the PC with date and time (in my case the user name is root): 

1. User failed authentication: A user will be allowed 6 login attempts and then the connection to the server will be closed. 

Nov 30 22:55:23 localhost sshd[27497]: Failed password for root from 10.240.131.181 port 50706 ssh2
Nov 30 22:55:24 localhost sshd[27497]: Failed password for root from 10.240.131.181 port 50706 ssh2
Nov 30 22:55:25 localhost sshd[27497]: Failed password for root from 10.240.131.181 port 50706 ssh2
Nov 30 22:55:26 localhost sshd[27497]: Failed password for root from 10.240.131.181 port 50706 ssh2
Nov 30 22:55:27 localhost sshd[27497]: Failed password for root from 10.240.131.181 port 50706 ssh2
Nov 30 22:55:27 localhost sshd[27498]: Disconnecting: Too many authentication failures for root
Nov 30 22:56:03 localhost sshd[27551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.240.131.181  user=root

Nov 30 22:56:05 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:10 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:15 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:21 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:26 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:31 localhost sshd[27551]: Failed password for root from 10.240.131.181 port 50729 ssh2
Nov 30 22:56:31 localhost sshd[27552]: Disconnecting: Too many authentication failures for root
Nov 30 22:56:31 localhost sshd[27551]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.240.131.181  user=root
Nov 30 22:56:31 localhost sshd[27551]: PAM service(sshd) ignoring max retries; 6 > 3

When user Successfully logged in to the CLI:

Nov 30 22:57:35 localhost sshd[27754]: Accepted password for root from 10.240.131.181 port 50751 ssh2
Nov 30 22:57:35 localhost sshd[27754]: pam_unix(sshd:session): session opened for user root by (uid=0)

Version history
Revision #:
2 of 2
Last update:
‎12-19-2016 10:10 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.