Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] Automatic command line generated from user root when issuing 'show route' commands

0

0

Article ID: KB34344 KB Last Updated: 23 May 2019Version: 1.0
Summary:

This article demonstrates a scenario where the system automatically generates command line log messages  (UI_CMDLINE_READ_LINE) whenever a 'show route table TABLENAME' command is typed into the terminal.

Symptoms:

When typing 'show route table TABLENAME' commands from the CLI as a user other than root, if the command is typed or pasted in the terminal, before typing in a table name, the following message is seen in the logs automatically:

May  6 10:23:12.636  router-re0 mgd[340]: %INTERACT-6-UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '


If user root is not logged in already, there will be an automatic login too:

May  6 13:20:35.256  router-re0 mgd[32415]: UI_CHILD_START: Starting child '/bin/sh'
May  6 13:20:35.452  router-re0 mgd[32431]: check_regex_add: 1783 regex_add = 0
May  6 13:20:35.453  router-re0 mgd[32431]: UI_AUTH_EVENT: Authenticated user 'root' at permission level 'super-user'
May  6 13:20:35.453  router-re0 mgd[32431]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [32431], ssh-connection '172.25.161.154 54255 10.85.174.226 22', client-mode 'cli'
May  6 13:20:35.455  router-re0 mgd[32431]: UI_CMDLINE_READ_LINE: User 'root', command 'show route summary | display xml | grep table-name '
May  6 13:20:35.458  router-re0 mgd[32431]: UI_LOGOUT_EVENT: User 'root' logout
May  6 13:20:35.461  router-re0 mgd[32415]: UI_CHILD_STATUS: Cleanup child '/bin/sh', PID 32427, status 0
May  6 13:20:35.466  router-re0 mgd[32415]: UI_CMDLINE_READ_LINE: User 'lab', command 'show route table inet.0 '

But if the same 'show route table TABLENAME' command is called from history (e.g. using the up arrow to find it and pressing enter from there), then the automatic log message from root won't be seen.

This same behavior has been seen in both T and MX routers, on various versions from 12.3 to 18.2.

Solution:

This behavior is by design. There is no impact on service. It is good to keep this in mind when checking logs for input command lines.

Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search