SUMMARY: Logging User Commands

From: Rubens Mau (rmaster@dialdata.com.br)
Date: Mon Feb 03 1997 - 06:26:09 CST


Hello,

Thanks to all of you who answered this question so quickly.

"I would like to log all the commands done by my users in the system.
I already use a modified login ( came with the logdaemon package ) that
logs the logins of each one, but I would like to log also which commands
each user has done."

I got different answers, which can be summarized in two:

1 - Use the solaris accounting tools :

# /usr/lib/acct/accton /var/adm/pacct
>
> this command logs each user's commands. To view this log
> file, use the command lastcomm; see man pages for more details. The
> problem with this method is the disk space.
>

2 - if using /bin/csh (or a derivative, like tcsh), set history to something
> and turn savehist on,
> eg, in the .cshrc
> set history=3000
> set savehist
>

Thanks again,
 
---------------------------------------------------------------------------
From: "Greg G. Goldstein" <m1ggg00@FRB.GOV>
Michael Shon (716) 385-5065 michael.shon@East.Sun.COM
Harvey M Wamboldt ^ E-Mail: harvey@iotek.ns.ca

The command `lastcomm` should do the trick for you. Do a man on lastcomm.

---------------------------------------------------------------------------
From: Francis.Liu@uts.edu.au
From: Hernan Dario Russy <hrussy@uniandes.edu.co>
From: baldma@aur.alcatel.com (Mark A. Baldwin)

> As I see it, there are several answers:

> 1. if using /bin/csh (or a derivative, like tcsh), set history to something
> and turn savehist on,
> eg, in the .cshrc
> set history=3000
> set savehist
>

---------------------------------------------------------------------------
From: Troy Wollenslegel <troy@kira.intranet.org>

Bash may do what you want. You can have the history file go somewhere
that is unreadable by that person (group).
---------------------------------------------------------------------------
> From: Jim Harmon <jim@telecnnct.com>

>
> start investigating the "wtmp" file and how it's used. It's basically
> the core behind all the system accounting, which in turn monitors all the
> system activity--such as logins and commands executed.
>
> A utility that helps to set that up is called STALKER (It's a
> client-server commercial product)
>
--------------------------------------------------------------------------
Sue.Gray@Unisa.Edu.Au Systems & Networks

> use the following command:
>
> # /usr/lib/acct/accton /var/adm/pacct
>
> this command logs each user's commands. To view this log
> file, use the command lastcomm; see man pages for more details. The
> problem with this method is the disk space.
>
> Excuse my English,
>
> Good luck, Bye Bye
>
> Marcos
>
> Marcos A. Padilla M. Email : mpadilla@cientec.cl
--------------------------------------------------------------------------
> Rich Kulawiec
> rsk@itw.com

> (Oh -- and you don't need a modified login to track user logins. The stock
> package does that as well, and if you have accounting turned on, it'll
> assist you in collating that data along with other resource usage stats.)

--------------------------------------------------------------------------
> From: Francois Leclerc <leclerc@austin.apc.slb.com>

>
> 1- to log command names (8 characters)
> Solaris 2.X System Administrator Answerbook
> search for accounting
>
> 2- to log a bit more : use wrapper as explained in this book page 699
> http://www.ora.com/catalog/puis
>
> 3- to log a lot more : search C2 audit trail in answerbook
>
> 4- to get something out of the audit trail : Stalker products from
> http://www.haystack.com
>
> All this is very well explained in the above mentioned book (chapter 10)
> Go buy it !
>
--------------------------------------------------------------------------
> From: Danny Johnson <djohnson@nbserv2.dseg.ti.com>

>
> turn on accounting and you get that, but ONLY the command name
> (last 8 characters, no path and no arguments). that is enough
> for some people's requirements.
>
--------------------------------------------------------------------------
> From: Liew.Chee.Wah <cwliew@bass.com.my>

>
>
> You can try the auditing subsystem built in Sun O/S. Try to activate the
> accounting subsystem and the command " lastcomm <username>" will display
> the last commands the user had entered.
>
> To start up the accounting subsystem, you can either manually type in
> '/usr/lib/acct/startup' or put this command in the system start up script.
>
--------------------------------------------------------------------------
> From: K.Ravi <RAVKRISH.IN.ORACLE.COM.ofcmail@in.oracle.com>

>
>
> How about the accounting software that comes with Solaris by default? See man
> of acct(1M), accton(1M). [Packages SUNWaccu and SUNWaccr have to be installed].
>
--------------------------------------------------------------------------
------------------------------------------------------------------------
Rubens Mau
DIALDATA SYSTEMS - INTERNET SERVICE PROVIDER
info@dialdata.com.br
tel.: 55-11-8294731
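
An added example (not part of the original thread) showing one way to turn the accounting records discussed above into a per-user command summary. It assumes the usual lastcomm column layout (command, optional flags, user, tty, CPU time followed by `secs`, start time); the sample records and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize lastcomm-style output per user.
# Assumed layout:  command [flags] user tty N.NN secs start-time
# The flags column is optional, so fields are located relative to "secs".

# Constructed sample records; on a real host, pipe `lastcomm` in instead.
# "in.telne" shows the 8-character command name limit mentioned in the thread.
sample_lastcomm() {
cat <<'EOF'
ls              alice    pts/1      0.01 secs Mon Feb  3 06:20
vi              alice    pts/1      0.12 secs Mon Feb  3 06:21
sendmail   SF   root     __         0.05 secs Mon Feb  3 06:22
ls              bob      pts/2      0.02 secs Mon Feb  3 06:23
in.telne   S    root     __         0.03 secs Mon Feb  3 06:24
ls              alice    pts/1      0.01 secs Mon Feb  3 06:25
garbage line without the marker
EOF
}

# Read records on stdin; print "user command count cpu_seconds", sorted.
summarize_lastcomm() {
  awk '
    {
      # "secs" can be field 5 at the earliest (command user tty cpu secs).
      s = 0
      for (i = 5; i <= NF; i++) if ($i == "secs") { s = i; break }
      if (s == 0) { skipped++; next }   # not an accounting record
      key = $(s - 3) " " $1             # user, then command name
      count[key]++
      cpu[key] += $(s - 1)
    }
    END {
      for (k in count) printf "%s %d %.2f\n", k, count[k], cpu[k]
      if (skipped) printf "skipped %d unparsable record(s)\n", skipped | "cat 1>&2"
    }
  ' | sort
}

# Number of times USER ($1) ran COMMAND ($2) in the records on stdin.
count_for() {
  summarize_lastcomm | awk -v u="$1" -v c="$2" '$1 == u && $2 == c { print $3 }'
}

sample_lastcomm | summarize_lastcomm
```

Only the command name is available to summarize; as the replies note, accounting records carry no path and no arguments.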



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:44 CDT