Session logging in SSMC appliance

The session logging feature generates audit logs for all session activities of ssmcadmin. The session log records command executions, the results of execution, and the keystrokes of edit sessions on watched files (free-form editable configuration files such as ssmc.properties and security_config.properties).

To enable detailed session logging, execute the following command:

sudo /ssmc/bin/config_security.sh -o session_log -a enable -f

To disable detailed session logging, execute the following command:

sudo /ssmc/bin/config_security.sh -o session_log -a disable -f

NOTE:
  • SSMC uses the standard auditd utility to audit and record logs for user session activities.

  • The audit logs are stored in the /var/log/audit/audit.log file. The log lines are encrypted, so the supplied aureport tool must be used to decrypt the log messages for readability.

  • To get a readable output from the session log, execute the aureport --tty command.
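
The following is an added example for reviewing the session log, not code from SSMC or HPE: it filters aureport --tty output for records whose keystroke data names one of the watched files mentioned above. The function names flag_watched_edits and sample_report are hypothetical, the report columns (index, date, time, event, auid, term, sess, comm, data) are assumed to follow the standard aureport TTY report layout, and the sample report is constructed.

```shell
#!/bin/sh
# Added example (not SSMC code). Filters `aureport --tty` output for records
# whose keystroke data names one of the watched files listed on this page.

# [.] matches a literal dot and avoids awk escape-handling differences.
WATCHED='ssmc[.]properties|security_config[.]properties'

# Hypothetical helper: reads an aureport TTY report on stdin.
# Assumed columns: index date time event auid term sess comm data
flag_watched_edits() {
    awk -v watched="$WATCHED" '
        $1 !~ /^[0-9]+[.]$/ || NF < 9 { next }   # skip title, rulers, header
        {
            data = $9                              # data may contain spaces
            for (i = 10; i <= NF; i++) data = data " " $i
            if (match(data, watched))
                printf "%s %s event=%s auid=%s sess=%s comm=%s file=%s\n",
                    $2, $3, $4, $5, $7, $8, substr(data, RSTART, RLENGTH)
        }'
}

# Constructed sample report (not real appliance output).
sample_report() {
    cat <<'EOF'
TTY Report
===============================================
# date time event auid term sess comm data
===============================================
1. 03/14/2024 09:12:01 412 1001 ? 7 bash "ls -l",<ret>
2. 03/14/2024 09:12:30 415 1001 ? 7 bash "vi ssmc.properties",<ret>
3. 03/14/2024 09:15:02 431 1001 ? 7 vi "i","x",<esc>,":wq",<ret>
4. 03/14/2024 10:02:11 502 1002 ? 9 bash "cat security_config.properties",<ret>
EOF
}

# On the appliance: sudo aureport --tty | flag_watched_edits
sample_report | flag_watched_edits
```

Keystrokes are recorded as typed, so a file name completed with the Tab key does not appear literally in the data column; use the filter for triage and read the full session (same sess value) for any record it flags.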