Logging shell commands and send it out

reaky · #1 (**permalink**) 08-04-2009

Dear friends
I'm looking for a solution to log all commands that users do in my RedHat box, and send it out to other remote server,
Is there any guide for that
Thanks

---------- Post updated at 04:20 AM ---------- Previous update was at 03:47 AM ----------

I can think of something else
I already have a sloution to logg all commands but in the same local machine
and have have a syslog server,
Now how I can make syslog logs this file that have commands logs?

TonyFullerMalv · #2 (**permalink**) 08-04-2009

Run something like:

Code:

cat userlogfile | logger -p auth.notice

as the user logs out?

reaky · #3 (**permalink**) 08-10-2009

Nice Idea
But this will make this once , I want to make the userlogfile always under monitoring, Which means that any updates happened on it logged by syslog once it happened.

Thanks

unSpawn · #4 (**permalink**) 08-13-2009

Quote:

Originally Posted by reaky

I'm looking for a solution to log all commands that users do in my RedHat box,

Have a look at 'rootsh'.

Quote:

Originally Posted by reaky

and send it out to other remote server

Rootsh can log to syslog so the only thing you need to do is make the remote syslog server also listen for external syslog messages and configure your local syslog server to send messages to remote.

* If you want to separate syslogs and (can) use Syslog-NG check SourceForge.net: rootsh: for "how to" details.

fpmurphy · #5 (**permalink**) 08-19-2009

ksh93 supports this feature by default using the audit/accounting facility. See KSH93 Auditing and Accounting for more information.

bash does not have any facilities to do this but if you search the Internet you will find patches out there which enable you to build a custom version of bash to provide this feature.

unSpawn · #6 (**permalink**) 08-19-2009

Quote:

Originally Posted by fpmurphy

ksh93 supports this feature by default using the audit/accounting facility.

That's all nice but that patched Ksh does not hook into Syslog (wrt an implications of an application being allowed to do housekeeping on its own auditing, corellation benefits of centralized timestamping, remote logging opportunity) like 'rootsh' or 'sudosh' could. In that respect it is more akin to the Honeypot Bash patches Anotatla provided at the time. Also the article does not show any output is recorded like aforementioned applications could.

fpmurphy · #7 (**permalink**) 08-23-2009

Unspawn said

Quote:

That's all nice but that patched Ksh does not hook into Syslog

First it is not a patched ksh93. No patches are required.

Second, you obviously did not read the post. Towards the end it provides a detailed example of how to do exactly what you are claiming it cannot do.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Make ssh and send commands	nagomes	Shell Programming and Scripting	3	03-04-2009 05:59 AM
Can BASH execute commands on a remote server when the commands are embedded in shell	bash_in_my_head	Shell Programming and Scripting	1	12-04-2008 01:51 AM
HELP: Need to send commands to Program	the_m4ch1ne	Shell Programming and Scripting	1	08-01-2008 06:46 PM
Logging commands and output	soliberus	SUN Solaris	3	10-25-2007 06:30 AM
Logging all commands after a sudo su-	linuxmtl	UNIX for Advanced & Expert Users	4	11-11-2002 10:33 AM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: