How to decrypt the encrypted SSH logs in Ezeelogin?
How to decrypt the encrypted SSH logs in Ezeelogin to a CSV file?
Run the following command to decrypt the logs. Replace the log file name with your log file path.
# /usr/local/ezlogin/eztool.php -show_log /var/log/ezlogin/full/username/log_name
The following example decrypts a log of a session accessed by the admin user.
# /usr/local/ezlogin/eztool.php -show_log /var/log/ezlogin/full/admin/root~server.cent.test~Thu_Jul_15_09\:56\:02_2021
#########################
# Ezeelogin Tool #
#########################
Checking environment... The memory limit is less than 4 GB. If the script crashes abruptly without any errors, try increasing the PHP memory limit.
done (1722)
Checking license... done (1956)
Enter the Ezeelogin administrator password: Admin!2345
Log Info:
ID: 3
Server: server.cent.test
User: admin
SSH User: root
Log Type: full
Status: end
Encryption: 1
Created: 2021-07-15 09:56:02
File: /var/log/ezlogin/full/admin/root~server.cent.test~Thu_Jul_15_09:56:02_2021
File Size: 8207
Data Size: 60334
Decrypt Command: /usr/local/ezlogin/ezlogsearch '3' '05ca04c241f735cb0a045d341968a2767c07a7d5' 0 2>&1 (0)
Contents:
Last login: Thu Jul 15 09:55:47 2021 from 192.168.1.7
[[email protected] ~]# ls
1 anaconda-ks.cfg
[[email protected] ~]
#host ~]# exit
logout
Read count: 0
<===[END]===>
Run the following command to decrypt the SSH logs and save them to a CSV file.
# /usr/local/ezlogin/eztool.php -show_log /var/log/ezlogin/full/username/filename -out file_name.csv
Refer to the following example of decrypting SSH logs into a CSV file.
# /usr/local/ezlogin/eztool.php -show_log /var/log/ezlogin/full/admin/root~server.cent.test~Thu_Jul_15_09\:56\:02_2021 -out log_admin.csv
#########################
# Ezeelogin Tool #
#########################
Checking environment... The memory limit is less than 4 GB. If the script crashes abruptly without any errors, try increasing the PHP memory limit.
done (1722)
Checking license... done (1956)
Enter the Ezeelogin administrator password: Admin!2345
Log Info:
ID: 3
Server: server.cent.test
User: admin
SSH User: root
Log Type: full
Status: end
Encryption: 1
Created: 2021-07-15 09:56:02
File: /var/log/ezlogin/full/admin/root~server.cent.test~Thu_Jul_15_09:56:02_2021
File Size: 8207
Data Size: 60334
Decrypt Command: /usr/local/ezlogin/ezlogsearch '3' '05ca04c241f735cb0a045d341968a2767c07a7d5' 0 2>&1 (0)
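Added example, not part of the Ezeelogin documentation: a shell function that runs the -show_log ... -out command shown above for every log of one gateway user and keeps the decrypted CSV files readable by their owner only. The function name export_user_logs, the EXPORTED variable and the EZTOOL / LOG_ROOT overrides are assumptions of this example; the tool is expected to ask for the administrator password on each run, as in the output above.

```shell
#!/usr/bin/env bash
# Added example: export all encrypted logs of one gateway user to CSV.
# Defaults are the paths shown on this page; the overrides are assumptions.
EZTOOL="${EZTOOL:-/usr/local/ezlogin/eztool.php}"
LOG_ROOT="${LOG_ROOT:-/var/log/ezlogin/full}"   # must be an absolute path

export_user_logs() {
    local user="$1" outdir="$2" log name count=0 old_umask
    # Reject empty names and anything that could step outside LOG_ROOT.
    case "$user" in
        ''|*/*|.|..) echo "invalid user name" >&2; return 2 ;;
    esac
    [ -d "$LOG_ROOT/$user" ] || { echo "no logs for $user" >&2; return 1; }

    # Decrypted sessions are plaintext (commands, output, possibly typed
    # secrets), so create the directory and the files owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$outdir" && chmod 700 "$outdir" || { umask "$old_umask"; return 1; }

    for log in "$LOG_ROOT/$user"/*; do
        [ -f "$log" ] || continue
        name=${log##*/}
        # Quoting "$log" covers the ':' and '~' in log names, so no
        # backslash escapes are needed. -out gets a bare file name, as on
        # this page, so the tool is run from inside the output directory.
        if (cd "$outdir" && "$EZTOOL" -show_log "$log" -out "$name.csv"); then
            count=$((count + 1))
        else
            echo "failed: $log" >&2
        fi
    done
    umask "$old_umask"
    EXPORTED=$count   # number of logs exported, for the caller to check
}
```

Call it as export_user_logs admin /root/ezlogin-export and remove the CSV files once the review is finished, since they are no longer protected by the log encryption.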