[Sunhelp] logging

Patrick Ouellet sunhelp at sunhelp.org
Wed Nov 1 12:59:33 CST 2000


If I may ask...
Why are you telling me this... and where did you get my e-mail ??

Chris Hall wrote:

>         Apologies in advance if this has been addressed already.
>  I had come across the same issues at one point, and what I did was add
> the following to
> /etc/.cshrc (since all of our users primarily only use tcsh / csh)
>
> set history = 100
> set savehist = 100
>
> and /etc/.logout
>
> set histd=/var/adm/log/history/$USER
> touch $histd
> echo "------------------------------" >> $histd
> echo `date` >> $histd
> echo "-------------------------------" >> $histd
> history >> $histd
> chmod 700 $histd
>
>    Now you can see this is not foolproof in any way (i.e., ~/.logout
> overrides this), but it helps and does what I need. This generates huge
> files, so I just created a script run from cron that changes the
> permissions / owner and backs the files up.
>
> [serv] # cat /adm/histro
> #!/bin/sh
> #
> # Rotate History File / Command Tracking
> #
>
> LOGDIR=/var/adm/log/
> if test -d $LOGDIR
> then
> cd $LOGDIR
>  for LOG in history; do
>
>  test -f $LOG.4.tar.gz && mv $LOG.4.tar.gz $LOG.5.tar.gz
>  test -f $LOG.3.tar.gz && mv $LOG.3.tar.gz $LOG.4.tar.gz
>  test -f $LOG.2.tar.gz && mv $LOG.2.tar.gz $LOG.3.tar.gz
>  test -f $LOG.1.tar.gz && mv $LOG.1.tar.gz $LOG.2.tar.gz
>  test -f $LOG.0.tar.gz && mv $LOG.0.tar.gz $LOG.1.tar.gz
>  test -d $LOG && mv $LOG $LOG.0 && tar -cvf $LOG.0.tar $LOG.0 ;
> /usr/local/bin/gzip $LOG.0.tar ; rm -rf $LOG.0
>
>        mkdir $LOG
>        chmod 777 $LOG
>
>       done
>   fi
>
>    As I said, this is not foolproof, but it was simple and does what I
> needed. Hope this helps.
> Chris H.
>
> Date: Tue, 31 Oct 2000 14:08:37 -0500 (EST)
> From: Dale Ghent <daleg at elemental.org>
> To: sunhelp at sunhelp.org
> Subject: Re: [Sunhelp] logging
> Reply-To: sunhelp at sunhelp.org
>
> On Tue, 31 Oct 2000, Magnus Abrante wrote:
>
> | What more exactly do you want to log? Just commands?
>
> Well, full command lines (ie, all arguments). Like in the example I gave
> earlier, I'd like to know what the user did with the command. If root ran
> "vi /etc/passwd", I'd like to see that whole command line logged, rather
> than just "vi" as it is now.
>
> The process accounting functionality, to me, has always been geared
> towards the performance/resource monitoring of a particular server. I'm
> interested in using it for two different reasons: Security monitoring, and
> user accountability.
>
> c2audit does this, but only for processes parented by init and for users
> logged in on /dev/console... not for users using ptys.
>
> /dale
> --
>   "We've heard that a million monkeys at a million keyboards could produce
>  the Complete Works of Shakespeare; now, thanks to the Internet,
>  we know this is not true."
>            --Robert Wilensky, University of California

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Patrick Ouellet - Senior Programmer
patrick.ouellet at microtecsecurite.com
Research & Development
Les Entreprise Microtec inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
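
An added example, not part of the original thread: a variant of the rotation script quoted above that loops over the archive generations, deletes the live directory only after its archive has been written, and recreates it with mode 1733 instead of 777. The function name `rotate_history`, its `KEEP` argument, a POSIX `sh`, and `gzip` being on `PATH` are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the thread.
# rotate_history LOGDIR [KEEP]: hypothetical name and arguments.
# The body runs in a subshell so cd and umask do not leak to the caller.
rotate_history() (
    logdir=$1
    keep=${2:-5}    # highest archive generation kept; the quoted script keeps 5
    log=history
    umask 077       # archives readable by the owner (root under cron) only

    [ -d "$logdir" ] || exit 1
    cd "$logdir" || exit 1

    # Shift history.(n-1).tar.gz to history.n.tar.gz, oldest first.
    n=$keep
    while [ "$n" -gt 0 ]; do
        prev=$((n - 1))
        if [ -f "$log.$prev.tar.gz" ]; then
            mv -f "$log.$prev.tar.gz" "$log.$n.tar.gz" || exit 1
        fi
        n=$prev
    done

    # Archive the live directory and remove it only once the archive exists.
    if [ -d "$log" ]; then
        mv "$log" "$log.0" &&
        tar -cf "$log.0.tar" "$log.0" &&
        gzip -f "$log.0.tar" &&
        rm -rf "$log.0" || exit 1
    fi

    # 1733 = sticky bit, write+search but no read for group and others:
    # each user can create and append to a file here, but cannot list the
    # directory or delete or rename files owned by someone else.
    mkdir "$log" && chmod 1733 "$log"
)
```

The quoted /etc/.logout still works against this directory, because `touch` and `>>` only need write and search permission on it.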
