Knowledge Search


×
 

[Junos] Automatic command line generated from user root when issuing 'show route' commands

  [KB34344] Show Article Properties


Summary:

This article demonstrates a scenario where the system automatically generates command line log messages  (UI_CMDLINE_READ_LINE) whenever a 'show route table TABLENAME' command is typed into the terminal.

Symptoms:

When typing 'show route table TABLENAME' commands from the CLI as a user other than root, if the command is typed or pasted in the terminal, before typing in a table name, the following message is seen in the logs automatically:

May  6 10:23:12.636  router-re0 mgd[340]: %INTERACT-6-UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '


If user root is not logged in already, there will be an automatic login too:

May  6 13:20:35.256  router-re0 mgd[32415]: UI_CHILD_START: Starting child '/bin/sh'
May  6 13:20:35.452  router-re0 mgd[32431]: check_regex_add: 1783 regex_add = 0
May  6 13:20:35.453  router-re0 mgd[32431]: UI_AUTH_EVENT: Authenticated user 'root' at permission level 'super-user'
May  6 13:20:35.453  router-re0 mgd[32431]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [32431], ssh-connection '172.25.161.154 54255 10.85.174.226 22', client-mode 'cli'
May  6 13:20:35.455  router-re0 mgd[32431]: UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '
May  6 13:20:35.458  router-re0 mgd[32431]: UI_LOGOUT_EVENT: User 'root' logout
May  6 13:20:35.461  router-re0 mgd[32415]: UI_CHILD_STATUS: Cleanup child '/bin/sh', PID 32427, status 0
May  6 13:20:35.466  router-re0 mgd[32415]: UI_CMDLINE_READ_LINE: User 'lab', command 'show route table inet.0 '

But if the same 'show route table TABLENAME' command is called from history (e.g. using the up arrow to find it and pressing enter from there), then the automatic log message from root won't be seen.

This same behavior has been seen in both T and MX routers, on various versions from 12.3 to 18.2.

Solution:

This behavior is by design. There is no impact on service. It is good to keep this in mind when checking logs for input command lines.

Related Links: