Session logging can prove extremely useful when recollecting events during troubleshooting scenarios or even configuration-binges. SecureCRT's logging settings allow the use of variables to define the filename/path. I've configured my default session to log every session whether I'm troubleshooting or just poking around.
I also have a custom windows environment variable that points %SessionLogs% to the directory of my choosing. This permits me to sync my sessions folder across multiple computers and VMs without having to worry about maintaining a similar directory structure on all of them.
Tip: For troubleshooting, I also like maintain a Notepad++ file or quick handwritten notes with timestamps for significant events, so I can cross-reference them with my timestamped SecureCRT logs.
Default Session Log File Settings
SecureCRT: Options > Edit Default Session... > Terminal > Log File
Log file name:
→ %SessionLogs%\%Y.%M%D\%Y.%M%D-%S_%COMPUTERNAME%.%USERNAME%.log
Options
✓ Start log upon connect
✓ Append to file
✓ Start new log at midnight
Custom log data > Upon connect:
→ !!!!!CONNECT [%Y/%M/%D - %S - %COMPUTERNAME%\%USERNAME%]
Custom log data > Upon disconnect:
→ !!!!!DISCONN [%Y/%M/%D - %S - %COMPUTERNAME%\%USERNAME%]
Custom log data > On each line:
→ %h:%m:%s --
Resultant Data
File Name
C:\Users\Derek\<omitted>\Misc\SecureCRT\SessionLogs\2018.0312\2018.0312-EDGE-FTD-01_DS-P51.Derek.log
Contents
13:14:19 -- !!!!!CONNECT [2018/03/12 - EDGE-FTD-01 - DS-P51\Derek]
13:14:19 -- User derek logged in to EDGE-FTD-01
13:14:19 -- Logins over the last 3 days: 4. Last login: 13:14:08 PST Feb 1 2018 from 10.19.1.107
13:14:19 -- Failed logins since the last login: 0.
13:14:19 -- Type help or '?' for a list of available commands.
13:14:21 -- EDGE-FTD-01# sh run access-gr
13:14:21 -- access-group inside-in in interface inside
13:14:21 -- access-group outside-in in interface outside
13:14:21 -- access-group dmz-in in interface dmz
13:14:21 -- EDGE-FTD-01#
13:14:22 -- !!!!!DISCONN [2018/03/12 - EDGE-FTD-01 - DS-P51\Derek]
Considerations
- Using Notepad++ I can use
CTRL-Fand select Find All in Current Document to find events like !!!!!CONNECT, !!!!!DISCONN, <hostname>#, etc. - The
%COMPUTERNAME%environment variable is used because my SecureCRT config folder is synced across my workstations/jumpboxes that all write to the same SessionLogs folder, which is also synced; this separates the log files based on the computer I was connecting from.
