CLI log

The CLI log creates a record of all CLI commands run on the appliance, including mqcli commands.

CLI events record the input of commands, not the result or outcome. CLI trace records are generated when a command is issued, irrespective of whether the command is included in the audit trace. The web UI and REST management interface are often a front end to the CLI, particularly for configuration changes, so this category also includes log events for commands that are invoked internally to service these interfaces.

Appliance CLI

CLI log events have the following format:

1,Timestamp,Domain,Category,Priority,,,0,,,Event Code,,,"(User:Domain:Connection Type:IP Address): Command"

If a command is executed while processing a configuration script using exec (for example, when replaying the saved configuration during boot) then the log events have the following format:

1,Timestamp,Domain,Category,Priority,,,0,,,Event Code,,,"(User:Domain:Connection Type:IP Address:Script:Line): Command"

Timestamp

The time and date that the event occurred.

Domain

This field is always set to default on the IBM® MQ Appliance.

Category

Always set to CLI.

Priority

Always set to debug.

Event code

An event code in the format 0x8100nnnn.

User

The user running the command. Is set to admin for internal events.

Domain

This field is always set to default on the IBM MQ Appliance.

Connection Type

Specifies one of the following connection types:

serial-port - serial connections
secure-shell - SSH connections
web-gui - web UI connections
saml-artifact - XML management connections (internal use on the MQ Appliance)
system - internal system processes
rest-mgmt - REST management connections

IP Address

The user's IP address, or "*" if the IP address is not known or not applicable.

Script

If applicable, the script that the command was called from.

Line

If applicable, the line of the script that the command was called from.

Command

The command.

The following example shows the events logged when creating a new user using the web UI. Sensitive values, like passwords, are redacted in the log by substituting the string "(******)":

1,20190828T085452.113Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193): top"
1,20190828T085452.114Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193): configure terminal"
1,20190828T085452.114Z,default,cli,debug,,,0,,,0x810001f1,,,"(admin:default:web-gui:9.174.20.193): Test: %if% available ""user"" true; continuing"
1,20190828T085452.114Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193): user joanna"
1,20190828T085452.114Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193):   reset"
1,20190828T085452.115Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193):   password ""(*****)"""
1,20190828T085452.115Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193):   suppress-password-change"
1,20190828T085452.115Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193):   access-level group-defined"
1,20190828T085452.115Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193):   group MQAdmin"
1,20190828T085452.164Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:web-gui:9.174.20.193): exit"

IBM MQ CLI

CLI log events for mqcli commands have the same format as the appliance CLI log events. Entry and exit entries are recorded to show entry to and exit from the mqcli subshell:

1,20190828T101504.349Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:secure-shell:9.20.33.218): mqcli"
1,20190828T101508.763Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:secure-shell:9.20.33.218): exit"

The mqcli command processor generates a CLI trace event for every recognized command. No trace event is generated for unrecognized commands. Sensitive values in command parameters, such as passwords and secrets, are redacted using the existing convention, which replaces each sensitive value with "(*****)".

The following example shows CLI log entries for commands that create a new high availability queue manager and a new IBM MQ user.

1,20190828T102741.361Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:secure-shell:9.20.33.218): crtmqm -sx QM1"
1,20190828T102741.361Z,default,cli,debug,,,0,,,0x810001f0,,,"(admin:default:secure-shell:9.20.33.218): usercreate -u jamie -g mqm -p ""(*****)"""