Action Layer

LeL gives you a few tools to track certain activities, which are briefly explained below.

  • CLI logging
  • Milestone logging
  • Continuous screen capture

LeL provides a simple logging script to log commands (all or specific ones) as well as milestones. A command log entry contains the timestamp, the command and additional information. A milestone consists of the event message and the timestamp.

The chronic view displays all milestones on a specific day.

Once a day is selected, it shows all the milestones of that specific day.

Since both log entities contain the timestamp, they can easily be correlated, which allows displaying all the commands that were entered after the event. The little icon can be clicked to open the Commands view.
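
The timestamp correlation described above can be reproduced offline. The following is an added example, not LeL's own code: the field names (timestamp, command, message) and the sample records are constructed assumptions, and it goes slightly beyond the text by cutting each milestone's command list off at the next milestone.

```python
import json
from bisect import bisect_right
from datetime import datetime

# Constructed sample logs, one JSON object per line. The field names are
# assumptions for this example; the page does not show LeL's actual schema.
COMMANDS = """
{"timestamp": "2024-03-01T09:58:12+00:00", "command": "uname -a"}
{"timestamp": "2024-03-01T10:01:30+00:00", "command": "ssh ops@192.0.2.10"}
{"timestamp": "2024-03-01T11:20:05+01:00", "command": "ls -la /srv/share"}
{"timestamp": "2024-03-01T10:45:10+00:00", "command": "sha256sum report.zip"}
"""
MILESTONES = """
{"timestamp": "2024-03-01T10:30:00+00:00", "message": "Located report archive"}
{"timestamp": "2024-03-01T10:00:00+00:00", "message": "Connected to jump host"}
"""


def parse_log(text):
    """Parse JSON lines and sort by timestamp (offset-aware, so mixed zones compare correctly)."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    for rec in records:
        rec["ts"] = datetime.fromisoformat(rec["timestamp"])
    return sorted(records, key=lambda rec: rec["ts"])


def commands_per_milestone(milestones, commands):
    """Attach each command to the latest milestone at or before it."""
    starts = [m["ts"] for m in milestones]
    grouped = {m["message"]: [] for m in milestones}
    unassigned = []  # commands logged before the first milestone
    for cmd in commands:
        idx = bisect_right(starts, cmd["ts"]) - 1
        if idx < 0:
            unassigned.append(cmd["command"])
        else:
            grouped[milestones[idx]["message"]].append(cmd["command"])
    return grouped, unassigned


if __name__ == "__main__":
    grouped, unassigned = commands_per_milestone(parse_log(MILESTONES), parse_log(COMMANDS))
    for message, cmds in grouped.items():
        print(message, "->", cmds)
    print("before first milestone ->", unassigned)
```

Commands logged before the first milestone are returned separately instead of being dropped, so gaps in milestone coverage stay visible during an audit.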


Lastly, the operator is able to record their screen via LeL, which allows them to jump to the specific point when the milestone happened.


Similar to the Content-Search, the operator is able to search for a specific previously logged command via the command search.


As well as more information

Simple Logger

Inside the _lel-simple-logger/ folder, the logger.src.sh can be found. This simple command-line logger can be sourced and then logs each command as a JSON structure to a previously specified folder. Additionally, the logger can send selected commands to LeL for auditing.

This can later be used to track when specific actions were executed (e.g. in a client environment).

The following environment variables need to be set to enable the logger:

 export MISATO_LOGDIR="<log-dir>"
 export MISATO_LOGGER="<arbitrary-non-empty-value>"
 # optional
 export MISATO_OPERATORKEY="lel"
 export MISATO_OPERATORAPI="https://127.0.0.1:8888"

Afterwards, the following new functions can be executed from the command line:

 toggle_misato <remote/local/off/on>
 milestone_log

toggle_misato can be used to enable/disable and toggle between local and remote logging.

Note: Simple PowerShell logging will be added in v0.0.2