[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to log all entered commands?



On Sat, Dec 24, 2005 at 07:41:45PM +0100, MK wrote:
> Unfortunately not, because there is no timestamp in the log file and there
> is no easy way how to analyze which user executed particular command on the
> system. I'm looking for something such as logs generated by sudo.

There actual is a timestamp in the log file, at least in mine.

Script started on Sat Dec 24 20:37:56 2005
[snip]
Script done on Sat Dec 24 20:38:01 2005

Merry Christmas!
Jonathan

>
> Thanks anyway
> MK
>
> ----- Original Message -----
> From: "Siju George" <sgeorge_(_dot_)_ml_(_at_)_gmail_(_dot_)_com>
> To: "MK" <public_(_at_)_kubikcz_(_dot_)_net>
> Cc: <misc_(_at_)_openbsd_(_dot_)_org>
> Sent: Saturday, December 24, 2005 7:26 PM
> Subject: Re: How to log all entered commands?
>
>
> >On 12/24/05, MK <public_(_at_)_kubikcz_(_dot_)_net> wrote:
> >>Hello
> >>
> >>I'm trying to log all command which are entered by users but till now
> >>still
> >>without success. I think I was close with "accton" and "lastcomm"
> >>commands
> >>but unfortunetaly it logs only commands without parameters, so for
> >>instance
> >>if I disable pf, "pfctl -d" I have in log only pfctl so there is now way,
> >>to
> >>figure out what exactly happened.
> >
> >script is in base.
> >
> >$script -a /var/user/terminal-session.txt
> >
> >will log every thing to that file. Or and other file you choose.
> >Some problems exist if users run screen manipulating programs like vi.
> >
> >They are documented in
> >
> >$man script
> >
> >Hope this helps :-)
> >
> >Kind Regards
> >
> >--
> >Siju Oommen George, Network Consultant. HiFX IT & MEDIA SERVICES PVT.
> >LTD. http://www.hifx.net
>

--
 | /"\   ASCII Ribbon   | Jonathan Glaschke - Lorenz-Goertz-Stra_e 71,
 | \ / Campaign Against | 41238 Moenchengladbach, Germany;
 |  X    HTML In Mail   | jabber: jogla_(_at_)_jabber_(_dot_)_ccc_(_dot_)_de
 | / \     And News     | http://jonathan-glaschke.de/

[demime 1.01d removed an attachment of type application/pgp-signature]



Visit your host, monkey.org