The UNIX and Linux Forums  

  #1 (permalink)  
Old 02-09-2008
Registered User
 

Join Date: Nov 2007
Posts: 21
User History and command log

Dear All

I have a UNIX (Sun Solaris) OS.

There are many users on that server. Now I want to find out who logged in to the server during the last week and which commands were executed by them.

I also want to know from which IP they logged in to the server.

Is there any log file generated for users on the server? Kindly send me the path.

Hoping for a reply

Regards
Jaydeep
  #2 (permalink)  
Old 02-09-2008
HPAVC
Registered User
 

Join Date: Feb 2008
Posts: 105
If you're running the acct packages, then you're good to go for doing just that; that gives you quite a few extra commands like lastcomm and whatnot to show command history and more.

Though most intrusions avoid utmp/wtmp pretty handily.
  #3 (permalink)  
Old 02-10-2008
otheus
Registered User
 

Join Date: Feb 2007
Location: Innsbruck, Austria
Posts: 191
Use "last" to see who's logged in

The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.

Use last by itself to get the standard report. Remote logins will have the IP address in the 3rd column. (Locally spawned sessions, i.e., Xterms or virtual terminals, will not have an IP address.) Use -f filename to use the older wtmpx file.

As the previous poster hinted at, hackers may be able to cover their tracks, so this only helps with authorized access. To cross-reference, you can also look at the logs from /var/adm/messages*. To enable more verbosity in log messages, you should tweak entries in /etc/pam.conf, /etc/syslogd.conf, and /etc/ssh/sshd.conf.
  #4 (permalink)  
Old 02-10-2008
HPAVC
Registered User
 

Join Date: Feb 2008
Posts: 105
Quote:
Originally Posted by otheus
The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.

last only gives logins, but lastcomm gives oh so much more. Though I never found it all that wonderful in practice. A simple ln -s /usr/bin/games/rogue ~/bin/pine and you could be productive all day long.
  #5 (permalink)  
Old 02-10-2008
Registered User
 

Join Date: Nov 2007
Posts: 21
use command log

Dear all

I also want a log of the commands given by a specific user.

Kindly suggest....

The lastcomm command is not running on my system.

Please send another possible way...
  #6 (permalink)  
Old 02-11-2008
otheus
Registered User
 

Join Date: Feb 2007
Location: Innsbruck, Austria
Posts: 191
There's another thread on this board about command logging. There's the "rootsh" package (available from sourceforge), but you have to replace selected users' shells. If you're running BSD, the lastcomm package will work if accounting is turned on (apparently). If you're running Solaris, there's an accounting and reporting package there too (see other thread).