On 09/23/2010 03:40 PM, Rob DeSanno wrote:
This should be an easy question.
I use Logwatch on all of my RHEL servers and would like for it to also
report on all commands that any user had typed when logged in as well.
Something along the lines of UID: Command to give me an idea of who was
doing what at any given period of time.
I tried using snoopy but that gave me much more than I was looking for. I'm
now playing around with psacct and logger but was curious to know what
everyone else out there uses to monitor user activity besides looking into
everyone history file.
Thanks in advance!
You might like to take a look at LUARM: http://luarm.sourceforge.net/
It is a new project I am heading and the idea is to target mainly what
the users are doing at file, network endpoint and process execution
level. As long as you have a good MySQL box and you are willing to
install Perl DBI/ DBD MySQL, you should get what you want.
A good presentation of what the system is supposed to do and the context
(Documentation is under way)
Snoopy is good, but it has an inherent library dependency on the user
environment that I do not like. Psacct can introduce substantial
overhead on a busy server. Give LUARM a go and then let me know what you
think and/or issues you might face in the process of deploying it.
Senior Systems Engineer/IT Manager
Biotek Center, University of Oslo
EMBnet TMPC Chair
Tel: +47 22840535
redhat-list mailing list