[Sunhelp] logging
Dale Ghent
sunhelp at sunhelp.org
Tue Oct 31 13:08:37 CST 2000
On Tue, 31 Oct 2000, Magnus Abrante wrote:
| What more exactly do you want to log? Just commands?
Well, full command lines (ie, all arguments). Like in the example I gave
earlier, I'd like to know what the user did with the command. If root ran
"vi /etc/passwd", I'd like to see that whole command line logged, rather
than just "vi" as it is now.
The process accounting functionality, to me, has always been geared
towards the performance/resource monitoring of a particular server. I'm
interested in using it for two different reasons: Security monitoring, and
user accountability.
c2audit does this, but only for processes parented by init and for users
logged in on /dev/console... not for users using ptys.
/dale
More information about the SunHELP
mailing list