Avamar: How to retrieve the hostname (or IP address) that logged in to the Avamar Administrator Console
Summary: This article provides details about how to find the hostname or IP address that attempted to log in to the Avamar Administrator Console.
Instructions
To maintain security in the environment, a customer may ask the support team to confirm which hosts recently logged in to the Avamar Administrator Console.
In UNIX, the command "last" is used to check account login information (including the IP address and timestamp), but there is no equivalent Avamar command.
Listed below are some of the ways to find the host or IP address (and associated user account) that logged in to the Avamar grid.
Method 1: MCCLI
Check for event code 22339 (successful login):
mccli event show | grep 22339
Sample output:
3421725 2021-12-29 21:55:12 GMT AUDIT 22339 SECURITY USER / User login successful
3420804 2021-12-29 15:17:13 GMT AUDIT 22339 SECURITY USER / User login successful
...
...
3412709 2021-12-28 14:06:11 GMT AUDIT 22339 SECURITY USER / User login successful
An individual event ID can then be queried to get more information:
mccli event show --id=3412709
0,23000,CLI command completed successfully.
Attribute Value
--------- ----------------------------------
ID 3412709
Date 2021-12-27 07:35:52 GMT
Type AUDIT
Code 22339
Category SECURITY
Severity USER
Domain /
Summary User login successful
SW Source MCS:AvmgrLoginModule::USER::LOGON
For Whom Field Support Personnel
HW Source avamar
Description User login successful
Remedy No action required.
Notes N/A
Data <data><entry key="action" type="text" value="login" version="1"/><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.103&quot; product=&quot;MCGUI&quot; role=&quot;Administrator&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>
The example above shows that MCUser logged in at 2021-12-27 07:35:52 GMT from host IP 10.10.10.103.
Method 2: Log Review (recommended).
Use the following string to search the mcserver logs:
(This displays the most recent login last)
grep "^FINE.*events.*22339.*MCGUI" /usr/local/avamar/var/mc/server_log/mcserver.log.* | sed 's/^\/usr\/local\/avamar\/var\/mc\/server_log\/mcserver.log.//g' | sort -nr
Sample output:
26:FINE: query = insert into events (date_time, code, eid, source, data, ts, category, type, severity, swSource, summary, remedy, notes, description, audience, domain ) values ('2021-12-29 02:54:22.672+00',22339,3419008,'<event-source NodeID="avamar" ProgramName="com.avamar.mc.dpn.DPNProxyService" ddr-id="" ddr-name="" gsan-version="19.3.0-149" hardware-id="FC6AVxxxxxxx_100-580-644_A03" source-hardware-id="FC6AVxxxxxxxxxx_100-580-644_A03"/>','<data><entry key="action" type="text" value="login" version="1"/><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.36&quot; product=&quot;MCGUI&quot; role=&quot;Administrator&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>',1640746462672,'SECURITY','AUDIT','USER','MCS:AvmgrLoginModule::USER::LOGON','User login successful',NULL,NULL,NULL,NULL,'/')
...
...
23:FINE: query = insert into events (date_time, code, eid, source, data, ts, category, type, severity, swSource, summary, remedy, notes, description, audience, domain ) values ('2021-12-29 06:48:56.112+00',22339,3419584,'<event-source NodeID="avamar" ProgramName="com.avamar.mc.dpn.DPNProxyService" ddr-id="" ddr-name="" gsan-version="19.3.0-149" hardware-id="FC6AVxxxxxxxx_100-580-644_A03" source-hardware-id="FC6AVxxxxxxxxx_100-580-644_A03"/>','<data><entry key="action" type="text" value="login" version="1"/><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.5&quot; product=&quot;MCGUI&quot; role=&quot;Administrator&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>',1640760536112,'SECURITY','AUDIT','USER','MCS:AvmgrLoginModule::USER::LOGON','User login successful',NULL,NULL,NULL,NULL,'/')
The sample output shows:
- The earliest login (MCUser) on 2021-12-29 02:54:22 from host IP 10.10.10.36
- The most recent (MCUser) on 2021-12-29 06:48:56 from host IP 10.10.10.5
Additional Information
Other useful commands:
- Failed login attempts in the Management Console Server (MCS) UI can be found using event ID 22801:
grep "^FINE.*events.*22801.*MCGUI" /usr/local/avamar/var/mc/server_log/mcserver.log.* | sed 's/^\/usr\/local\/avamar\/var\/mc\/server_log\/mcserver.log.//g' | sort -nr
- Login attempts made to the Avamar User Interface (AUI) or the REST API can be found by changing the product from MCGUI to MCREST:
grep "^FINE.*events.*22339.*MCREST" /usr/local/avamar/var/mc/server_log/mcserver.log.* | sed 's/^\/usr\/local\/avamar\/var\/mc\/server_log\/mcserver.log.//g' | sort -nr
- Failed login attempts to the AUI or REST API use MCREST and event ID 22801:
grep "^FINE.*events.*22801.*MCREST" /usr/local/avamar/var/mc/server_log/mcserver.log.* | sed 's/^\/usr\/local\/avamar\/var\/mc\/server_log\/mcserver.log.//g' | sort -nr
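The log searches above can be combined into one "last"-style report. The following is an added example, not part of the original article or Dell tooling: a shell function that reads mcserver log lines on stdin and prints time, result, product, user, host and role, ordered by event time. The function names and sample lines are constructed, and it assumes that event 22801 rows carry the same escaped requestor element as the 22339 rows shown above.

```shell
# Added example, not Dell code. Reads mcserver log lines on stdin and prints one
# tab-separated row per login event: time, result, product, user, host, role.
# Assumption: 22801 (failed login) rows carry the same escaped requestor element.
avamar_logins() {
  awk '
    # Value of one &quot;-escaped requestor attribute, or "-" when it is absent.
    function attr(name,   s) {
      if (!match($0, name "=&quot;[^&]*&quot;")) return "-"
      s = substr($0, RSTART, RLENGTH)
      sub("^" name "=&quot;", "", s)
      sub("&quot;$", "", s)
      return s
    }
    /insert into events/ && match($0, /values \(.[0-9-]+ [0-9:]+/) {
      rest = substr($0, RSTART + 9)   # skip "values (" and the opening quote
      split(rest, f, ",")             # f[1]=date_time, f[2]=code, f[3]=eid
      if (f[2] == 22339)      result = "SUCCESS"
      else if (f[2] == 22801) result = "FAILED"
      else next                       # some other event
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", substr(f[1], 1, 19), result,
             attr("product"), attr("user"), attr("host"), attr("role")
    }
  ' | sort                            # rows start with the timestamp
}

# Constructed sample lines, abbreviated from the layout in the sample output above.
# The 22801 row (eid, host, missing role) is made up to exercise the failure path.
sample_lines() {
  cat <<'EOF'
23:FINE: query = insert into events (date_time, code, eid, source, data ) values ('2021-12-29 06:48:56.112+00',22339,3419584,'<event-source NodeID="avamar"/>','<data><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.5&quot; product=&quot;MCGUI&quot; role=&quot;Administrator&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>')
24:FINE: query = insert into events (date_time, code, eid, source, data ) values ('2021-12-29 03:10:05.000+00',22801,3419100,'<event-source NodeID="avamar"/>','<data><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.99&quot; product=&quot;MCREST&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>')
26:FINE: query = insert into events (date_time, code, eid, source, data ) values ('2021-12-29 02:54:22.672+00',22339,3419008,'<event-source NodeID="avamar"/>','<data><entry key="requestor" type="xml" value="&lt;requestor domain=&quot;/&quot; host=&quot;10.10.10.36&quot; product=&quot;MCGUI&quot; role=&quot;Administrator&quot; user=&quot;MCUser&quot;/&gt;" version=""/></data>')
EOF
}

# On a grid: cat /usr/local/avamar/var/mc/server_log/mcserver.log.* | avamar_logins
sample_lines | avamar_logins
```

Because the rows are sorted on the event's own timestamp, successful and failed logins from both MCGUI and MCREST appear in one timeline regardless of which rotated log file they came from.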