loader-logo

Saving Your Putty Sessions To A Log File

Putty is a widely used, free, tool to SSH/Telnet/Console/etc into a network device. I can’t recall how many times I’ve burned myself because I fat-fingered the keyboard and then lost my connection to the network device or misconfigured an interface and not realize it for a couple of days. Or what if you wanted to remember what you did a couple of months ago on a switch?

Putty allows you to log each of your sessions. It has saved my bacon so many times.

Here’s how to configure it. First, highlight the Default Settings:

Putty's Default Settings

Then on the left pane, click on Logging under Session.

Under the Session Logging section, select “All session output”
For the log file name, use this structure: &H-&Y&M&D-&T.log

&H – This will append the hostname of the device to the front of the file. I add a dash after this to separate it from the dates.

&Y&M&D – This adds the year, month, and day. Add a dash afterwards to separate it from the time.

&T – This adds the time you logged into the device. Because you may log into the same device multiple times per day, this is a good way to log each session separately.

Click on browse to save it to a specific location. Your log file will then look like: 192.168.1.1-20131024-075505.log

Simple!

Configuring session logging in Putty

Now go back to the Session window, click on Default Settings, and click Save. So next time you open Putty or create a new saved session, it will create the log file.

Let’s see it in action. I’m going to create a new saved session for the ATT Looking Glass route server:

Creating a Saved Session in Putty

Let’s take a look at Google’s BGP routes

Image of Google's BGP Routes

Example Putty Log

Here is the contents of that log:

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.10.24 07:58:42 =~=~=~=~=~=~=~=~=~=~=~=
-------------- route-server.ip.att.net ---------------
---------  AT&T IP Services Route Monitor  -----------

The information available through route-server.ip.att.net is offered
by AT&T's Internet engineering organization to the Internet community.

This router maintains eBGP peerings with customer-facing routers
throughout the AT&T IP Services Backbone:

IPv4:
12.123.21.243  Atlanta   12.123.133.124 Austin    12.123.41.250  Cambridge
12.123.5.240   Chicago   12.123.17.244  Dallas    12.123.139.124 Detroit
12.122.83.238  Denver    12.123.134.124 Houston   12.123.29.249  LA
12.123.1.236   New York  12.123.33.249  Orlando   12.123.137.124 Philly
12.123.142.124 Phoenix   12.123.145.124 SanDiego  12.123.13.241  SanFran
12.123.25.245  St.Louis  12.122.125.224 Seattle   12.123.9.241   WashDC

IPv6:
2001:1890:FF:FFFF:12:122:124:12   Atlanta
2001:1890:FF:FFFF:12:122:127:66   Chicago
2001:1890:FF:FFFF:12:122:124:138  Dallas
2001:1890:FF:FFFF:12:122:120:7    Fort Lauderdale
2001:1890:FF:FFFF:12:122:125:6    Los Angeles
2001:1890:FF:FFFF:12:122:125:44   New York
2001:1890:FF:FFFF:12:122:125:106  Philadelphia
2001:1890:FF:FFFF:12:122:125:132  Phoenix
2001:1890:FF:FFFF:12:122:126:232  San Francisco
2001:1890:FF:FFFF:12:122:125:224  Seattle
2001:1890:FF:FFFF:12:122:126:9    St. Louis
2001:1890:FF:FFFF:12:122:126:64   Washington

*** Please Note:
Ping and traceroute delay figures measured here are unreliable, due to the
high CPU load experienced when complicated show commands are running.

For questions about this route-server, send email to: jayb@att.com

*** Log in with username 'rviews', password 'rviews' *** 

route-server.ip.att.net (ttyp5)

login: rviews
Password:

--- JUNOS 12.1R3-S4 built 2013-03-24 11:22:31 UTC 
rviews@route-server.ip.att.net> show route www.google.com 

inet.0: 462505 destinations, 6937311 routes (462505 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

173.194.78.0/24    *[BGP/170] 3w2d 17:29:34, localpref 100, from 12.122.125.224
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 2w3d 09:11:13, localpref 100, from 12.122.83.238
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 7w5d 19:42:12, localpref 100, from 12.123.1.236
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 7w5d 19:42:22, localpref 100, from 12.123.5.240
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 2w0d 04:42:59, localpref 100, from 12.123.9.241
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
                    [BGP/170] 7w5d 19:42:13, localpref 100, from 12.123.13.241
                      AS path: 7018 15169 I
                    > to 12.0.1.1 via em0.0
---(more)---

rviews@route-server.ip.att.net> exit

From the text above, you can actually see my input. You won’t be able to see the passwords but you can see every other command that is typed in by me.

Note: For your previously created sessions, you will have to select it, then click Load, and modify the Logging settings to create a log for those sessions.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.