Logging of serial port access and communications activity

When operating in Console Server Mode, Opengear devices can be configured to log user access, signal changes and data transmitted and received between the Opengear RS-232 or USB serial port, and the connected device port.

By default, port logging is disabled.

Once enabled, the most recent 8K of port logs are stored in RAM (tmpfs) and can be viewed via the web UI or CLI.  Logs may be made persistent by storing them on the Opengear device's internal mass storage or a remote log server.

Enabling port logs

When configuring the port in Console Server Mode, select a Logging Level.

• Level 0: Disable logging (default)
• Level 1: Log LOGIN, LOGOUT and SIGNAL events
• Level 2: Log LOGIN, LOGOUT, SIGNAL, TXDATA and RXDATA events
• Level 3: Log LOGIN, LOGOUT, SIGNAL and RXDATA events
• Level 4: Log LOGIN, LOGOUT, SIGNAL and TXDATA events

Input/RXDATA is data received by the Opengear device from the connected serial device, and output/TXDATA is data sent by the Opengear device (e.g. typed by the user) to the connected serial device.

Warning: Enabling log levels 2 or 4 will typically capture and store any user-entered passwords in plain text.

Device consoles typically echo back characters as they are typed – so TXDATA typed by a user is subsequently received as RXDATA, displayed on their terminal.  However after prompting for a password, the connected device often disables this behavior, or sends * characters to prevent the password from being displayed.

Enabling persistent log storage

• Login to the Opengear web UI as root or an admin group user
• Click Alerts & Logging -> Port Log
• Select a Server Type (may be an internal USB/Non-volatile flash "server")
• For NFS, CIFS and Remote Syslog, enter a Server Address
• For NFS & CIFS enter Username and Password to mount the remote directory
• For Remote Syslog you may set the default syslog Priority and Facility (this can also be set per-port)
• Click Apply

To confirm log storage has been mounted, click Status -> Support Report, search for Disk Usage and ensure the server appears in the output:

Viewing logs

Permitted users may view or download logs via the web UI under Manage -> Port Logs.

Log files are also accessible via the filesystem, under:

• /var/log/port*.log* (logs cached in RAM)
• /var/mnt/storage.*/port*.log* (logs saved to internal mass storage)

Log format

Logs are stored in plain text files with event stamps and millisecond timestamps.  For example:

2016-Nov-21 10:15:42.699 LOGIN: robertw
2016-Nov-21 10:16:15.256 SIGNAL: CTS => 1
2016-Nov-21 10:16:15.261 RXDATA:
2016-Nov-21 10:16:15.262 RXDATA:                   

2016-Nov-21 10:16:15.320 RXDATA: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)
2016-Nov-21 10:16:15.320 RXDATA:
2016-Nov-21 10:16:15.378 RXDATA: Technical Support: http://www.cisco.com/techsupport
2016-Nov-21 10:16:15.379 RXDATA:
2016-Nov-21 10:16:15.422 RXDATA: Copyright (c) 2009 by cisco Systems, Inc.
[snip]
2016-Nov-21 10:17:53.688 RXDATA: ISR>
2016-Nov-21 10:17:54.438 RXDATA: en
2016-Nov-21 10:17:54.438 TXDATA: en
2016-Nov-21 10:17:54.462 RXDATA:
2016-Nov-21 10:17:54.462 RXDATA:
2016-Nov-21 10:17:54.965 RXDATA: Password:
2016-Nov-21 10:17:55.998 TXDATA: oursecret
2016-Nov-21 10:17:56.029 RXDATA:
2016-Nov-21 10:17:56.029 RXDATA:
2016-Nov-21 10:17:56.530 RXDATA: ISR#
[snip]
2016-Nov-21 10:20:15.121 LOGOUT: robertw