FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 09-23-2010, 01:40 PM
Rob DeSanno
 
Default User Auditing

This should be an easy question.

I use Logwatch on all of my RHEL servers and would like for it to also
report on all commands that any user had typed when logged in as well.
Something along the lines of UID: Command to give me an idea of who was
doing what at any given period of time.

I tried using snoopy but that gave me much more than I was looking for. I'm
now playing around with psacct and logger but was curious to know what
everyone else out there uses to monitor user activity besides looking into
everyone history file.

Thanks in advance!
~Rob
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-23-2010, 02:05 PM
Georgios Magklaras
 
Default User Auditing

On 09/23/2010 03:40 PM, Rob DeSanno wrote:

This should be an easy question.

I use Logwatch on all of my RHEL servers and would like for it to also
report on all commands that any user had typed when logged in as well.
Something along the lines of UID: Command to give me an idea of who was
doing what at any given period of time.

I tried using snoopy but that gave me much more than I was looking for. I'm
now playing around with psacct and logger but was curious to know what
everyone else out there uses to monitor user activity besides looking into
everyone history file.

Thanks in advance!
~Rob

You might like to take a look at LUARM: http://luarm.sourceforge.net/

It is a new project I am heading and the idea is to target mainly what
the users are doing at file, network endpoint and process execution
level. As long as you have a good MySQL box and you are willing to
install Perl DBI/ DBD MySQL, you should get what you want.


A good presentation of what the system is supposed to do and the context
is here:

http://folk.uio.no/georgios/other/Dagstuhl2010.pdf

(Documentation is under way)

Snoopy is good, but it has an inherent library dependency on the user
environment that I do not like. Psacct can introduce substantial
overhead on a busy server. Give LUARM a go and then let me know what you
think and/or issues you might face in the process of deploying it.


--
--
George Magklaras
Senior Systems Engineer/IT Manager
Biotek Center, University of Oslo
EMBnet TMPC Chair

http://folk.uio.no/georgios

Tel: +47 22840535



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 11:29 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org