Re: How to log all entered commands?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: How to log all entered commands?
- From: Jonathan Glaschke <e-mail_(_at_)_jonathan-glaschke_(_dot_)_de>
- Date: Sat, 24 Dec 2005 20:40:21 +0100
On Sat, Dec 24, 2005 at 07:41:45PM +0100, MK wrote:
> Unfortunately not, because there is no timestamp in the log file and there
> is no easy way how to analyze which user executed particular command on the
> system. I'm looking for something such as logs generated by sudo.
There actually is a timestamp in the log file, at least in mine.
Script started on Sat Dec 24 20:37:56 2005
Script done on Sat Dec 24 20:38:01 2005
> Thanks anyway
> ----- Original Message -----
> From: "Siju George" <sgeorge_(_dot_)_ml_(_at_)_gmail_(_dot_)_com>
> To: "MK" <public_(_at_)_kubikcz_(_dot_)_net>
> Cc: <misc_(_at_)_openbsd_(_dot_)_org>
> Sent: Saturday, December 24, 2005 7:26 PM
> Subject: Re: How to log all entered commands?
> >On 12/24/05, MK <public_(_at_)_kubikcz_(_dot_)_net> wrote:
> >>I'm trying to log all commands which are entered by users but till now
> >>without success. I think I was close with "accton" and "lastcomm"
> >>but unfortunately it logs only commands without parameters, so for
> >>if I disable pf, "pfctl -d" I have in log only pfctl so there is no way,
> >>figure out what exactly happened.
> >script is in base.
> >$script -a /var/user/terminal-session.txt
> >will log everything to that file. Or any other file you choose.
> >Some problems exist if users run screen manipulating programs like vi.
> >They are documented in
> >$man script
> >Hope this helps :-)
> >Kind Regards
> >Siju Oommen George, Network Consultant. HiFX IT & MEDIA SERVICES PVT.
> >LTD. http://www.hifx.net
| /"\ ASCII Ribbon | Jonathan Glaschke - Lorenz-Goertz-Straße 71,
| \ / Campaign Against | 41238 Moenchengladbach, Germany;
| X HTML In Mail | jabber: jogla_(_at_)_jabber_(_dot_)_ccc_(_dot_)_de
| / \ And News | http://jonathan-glaschke.de/
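An added example, not part of any message in this thread: a Python parser that splits a file written with `script -a` into sessions using the "Script started on" / "Script done on" markers quoted in the reply above. The `parse_sessions` name and the sample log are constructed for illustration, and the date format is assumed to be the C-locale form shown in the reply.

```python
import re
from datetime import datetime

MARK = re.compile(r"^Script (started|done) on (.+?)\s*$")
CTIME = "%a %b %d %H:%M:%S %Y"   # e.g. "Sat Dec 24 20:37:56 2005"

# Constructed sample: two appended sessions, the second never closed.
SAMPLE = (
    "Script started on Sat Dec 24 20:37:56 2005\n"
    "$ pfctl -d\r\n"
    "pf disabled\r\n"
    "$ exit\r\n"
    "\nScript done on Sat Dec 24 20:38:01 2005\n"
    "Script started on Sat Dec 24 21:02:10 2005\n"
    "$ pfctl -e\r\n"
)

def _stamp(text):
    """Parse a marker date; None if it is not in the expected format."""
    try:
        return datetime.strptime(text, CTIME)
    except ValueError:
        return None

def parse_sessions(text):
    """Return a list of {'start', 'end', 'lines'} dicts, one per session.

    'end' is None when no 'Script done' marker follows the start, which
    happens when the session was killed or the file was truncated.
    """
    sessions, current = [], None
    for raw in text.split("\n"):
        line = raw.rstrip("\r")              # terminal output carries CR LF
        m = MARK.match(line)
        when = _stamp(m.group(2)) if m else None
        if when and m.group(1) == "started":
            if current:                      # previous session never closed
                sessions.append(current)
            current = {"start": when, "end": None, "lines": []}
        elif when and m.group(1) == "done" and current:
            current["end"] = when
            sessions.append(current)
            current = None
        elif current:
            current["lines"].append(line)    # captured terminal output
    if current:
        sessions.append(current)
    return sessions
```

The markers are written in-band with the terminal output, so text printed inside a session can imitate them, and the timestamps bound a whole session rather than each command.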