Nov 2, 2014

How to log everything with SecureCRT

Unlike my technical articles about configurations, protocols and so on, this tutorial explains how to automatically log all SecureCRT sessions. For those who are unaware, SecureCRT is one of the best SSH/telnet clients.

The question is “why save everything?”

In my opinion, a good approach when working with many devices (network, security, …) is to save everything (show commands, configuration commands and so on). This method gives several benefits, for instance when:

  • The telnet/SSH client buffer is full
  • Something goes wrong
  • You mistakenly close SecureCRT
  • You want to check what you have done

Below are the steps to configure it:

1. Open the software.

2. On the top bar click “Options”, then “Global Options”.

3. Select “Default Session”, click “Edit Default Settings…”; then select “Log File”.

There are many customizations:

  • Log file name: where to save the log file.
  • Upon connect: text at the beginning of the file.
  • Upon disconnect: text at the end of the file.
  • On each line: text added on each line.

These fields accept several variables; a complete list is shown below:

  • %H – hostname
  • %S – session name
  • %Y – four-digit year
  • %M – two-digit month
  • %D – two-digit day of the month
  • %h – two-digit hour
  • %m – two-digit minute
  • %s – two-digit seconds
  • %t – three-digit milliseconds
  • %% – percent (%)
  • %envvar% – environment variable (for instance %USERNAME%)

Note: These settings will be applied ONLY on new sessions!

4. If you want to apply these settings to the currently saved sessions, click “File” on the top bar, then “Connect…”. Select the devices or the group of devices, right click and select “Properties”. A new window will appear.

You can customize each field as you prefer. In my case, I have used the previous settings.

Below is an example of a saved session file “D:\SecureCRT logs\2014-10-31\Ciscozine_test  (172.16.3.210) — 19-19.log”:

19:19:58.965 § Start recording Ciscozine_test  (172.16.3.210) - 19:19:58
19:19:58.983 § C
19:19:58.983 § *
19:19:58.984 § *
19:19:58.984 § *  Ciscozine_test
19:19:58.984 § *
19:19:58.985 § 
19:20:00.950 § Username: ciscozine
19:20:00.980 § Password: 
19:20:00.980 § 
19:20:48.403 § Ciscozine_test#sh ver
19:20:48.620 § Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY, RELEASE SOFTWARE (fc4)
19:20:48.620 § Technical Support: http://www.cisco.com/techsupport
19:20:48.620 § Copyright (c) 1986-2013 by Cisco Systems, Inc.
19:20:48.620 § Compiled Wed 04-Sep-13 13:05 by prod_rel_team
19:20:48.620 § 
19:20:48.621 § ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)
19:20:48.621 § 
19:20:48.621 §  SW-6500-VSS uptime is 23 weeks, 2 hours, 8 minutes
19:20:48.621 § Uptime for this control processor is 23 weeks, 2 hours, 0 minutes
19:20:48.621 § System returned to ROM by reload at 12:16:02 UTC Fri May 23 2014 (SP by reload)
19:20:48.622 § System restarted at 14:20:04 CST Fri May 23 2014
19:20:48.622 § System image file is "sup-bootdisk:s72033-adventerprisek9-mz.151-2.SY.bin"
19:20:48.622 § Last reload reason: Admin reload CLI
19:20:48.622 § 
19:20:48.622 § 
19:20:48.624 § 
19:20:48.624 § This product contains cryptographic features and is subject to United
19:20:48.625 § States and local country laws governing import, export, transfer and
19:20:48.625 § use. Delivery of Cisco cryptographic products does not imply
19:20:48.625 § third-party authority to import, export, distribute or use encryption.
19:20:48.625 § Importers, exporters, distributors and users are responsible for
19:20:48.626 § compliance with U.S. and local country laws. By using this product you
19:20:48.626 § agree to comply with applicable laws and regulations. If you are unable
19:20:48.626 § to comply with U.S. and local laws, return this product immediately.
19:20:48.626 § 
19:20:48.626 § A summary of U.S. laws governing Cisco cryptographic products may be found at:
19:20:48.626 § http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
19:20:48.626 § 
19:20:48.627 § If you require further assistance please contact us by sending email to
19:20:48.627 § export@cisco.com.
19:20:48.627 § 
19:20:48.627 § cisco WS-C6509-E (R7000) processor (revision 1.6) with 983008K/65536K bytes of memory.
19:20:48.627 § Processor board ID SMC17330086
19:20:48.957 § SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
19:20:48.958 § Last reset from s/w reset
19:20:48.958 § 12 Virtual Ethernet interfaces
19:20:48.958 § 216 Gigabit Ethernet interfaces
19:20:48.958 § 36 Ten Gigabit Ethernet interfaces
19:20:48.958 § 1917K bytes of non-volatile configuration memory.
19:20:48.958 § 
19:20:48.959 § 65536K bytes of Flash internal SIMM (Sector size 512K).
19:20:48.959 § Configuration register is 0x2102
19:20:48.960 § 
19:20:59.632 § Ciscozine_test# 
19:22:23.284 § Ciscozine_test#exit
19:22:23.585 § Stop recording Ciscozine_test  (172.16.3.210) - 19:22:23

As you can see, each line starts with the time. The “§” is used for two reasons:

  • If you import the log file in Excel or similar, you can use this symbol as a delimiter.
  • I use “§” and not “,” because “,” is present in some configurations, so it would not be possible to use that symbol as a delimiter.
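
As an added example (not part of the original article or of SecureCRT): a small Python parser for the log layout shown above. It splits each line on the first “§” only and lists the commands typed at the device prompt with their timestamps; the prompt pattern, the function names and the shortened sample log are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the article's format: "%h:%m:%s.%t § " on each line.
SAMPLE = """\
19:19:58.965 § Start recording Ciscozine_test  (172.16.3.210) - 19:19:58
19:20:00.950 § Username: ciscozine
19:20:00.980 § Password: 
19:20:48.403 § Ciscozine_test#sh ver
19:20:48.620 § Cisco IOS Software, s72033_rp Software, Version 15.1(2)SY
19:20:48.959 § Configuration register is 0x2102
19:20:59.632 § Ciscozine_test# 
19:22:23.284 § Ciscozine_test#exit
19:22:23.585 § Stop recording Ciscozine_test  (172.16.3.210) - 19:22:23
"""

# Assumed IOS-style prompt: hostname, optional (config...) mode, then '#' or '>'.
PROMPT = re.compile(r"^(?P<host>[\w.-]+)(?:\([^)]*\))?[#>]\s*(?P<cmd>.*)$")

def parse_line(line):
    """Split on the FIRST '§' only, so a ',' or a later '§' in device output survives."""
    stamp, sep, text = line.partition("§")
    if not sep:
        return None  # no delimiter on this line
    try:
        when = datetime.strptime(stamp.strip(), "%H:%M:%S.%f").time()
    except ValueError:
        return None  # prefix is not a %h:%m:%s.%t timestamp
    return when, text[1:] if text.startswith(" ") else text

def commands(log_text):
    """Return (time, host, command) for every non-empty command typed at a prompt."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = PROMPT.match(rec[1])
        if m and m.group("cmd").strip():
            out.append((rec[0].isoformat(timespec="milliseconds"),
                        m.group("host"), m.group("cmd").strip()))
    return out

if __name__ == "__main__":
    for when, host, cmd in commands(SAMPLE):
        print(when, host, cmd)
```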
  • Leandro

    Great article!! Thanks

  • Theofilos

    Very interesting post and well explained. Thank you

  • DQ

    very cool

    to save you from typing all this

    C:\SecureCRT logs\%Y-%M-%D\%S (%H) — %h-%m.log

    Start recording %S (%H) – %h:%m:%s

    Stop recording %S (%H) – %h:%m:%s

    %h:%m:%s.%t §

  • DzNV

    thank bro :x

  • Hi Victor,
    I have tried your configuration and it works fine on my SecureCRT!
    Cheers
    Favio