User History and commnad log | Unix Linux Forums | UNIX for Dummies Questions & Answers

  Go Back    


UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !!

User History and commnad log

UNIX for Dummies Questions & Answers


Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 02-10-2008
jaydeep_sadaria jaydeep_sadaria is offline
Registered User
 
Join Date: Nov 2007
Last Activity: 19 July 2014, 1:26 PM EDT
Posts: 58
Thanks: 4
Thanked 0 Times in 0 Posts
User History and commnad log

Dear All

I had a UNIX ( Sun solaris ) os.

There are many user on that server. Now i want to find during last week who had log in to the sever and which commnad are executed by them?

I also want to from which IP they had log in to the server.

Is there any log file generated for user in server.??? Kindly send me path.

Hoping reply

Regards
Jaydeep
Sponsored Links
    #2  
Old 02-10-2008
HPAVC's Avatar
HPAVC HPAVC is offline
Registered User
 
Join Date: Feb 2008
Last Activity: 29 October 2009, 8:14 AM EDT
Posts: 106
Thanks: 0
Thanked 0 Times in 0 Posts
If your running the acct packages there your good to go for doing just that, that gives you quite a bit extra commands like lastcomm and what not to show command history and more.

Though most intrusions avoid utmp/wtmp pretty handedly
Sponsored Links
    #3  
Old 02-10-2008
otheus's Avatar
otheus otheus is offline Forum Advisor  
Smartass
 
Join Date: Feb 2007
Last Activity: 23 July 2014, 6:24 AM EDT
Location: Innsbruck, Austria
Posts: 2,151
Thanks: 12
Thanked 48 Times in 45 Posts
Use "last" to see who's logged in

The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.

Use last by itself to get the standard report. Remote logins will have the IP address in the 3rd column. (Locally spawned sessions, ie, Xterms or virtual terminals will not have an IP address.) Use -f filename to use the older wtmpx file.

As the previous poster hinted at, hackers may be able to cover their tracks, so this only helps with authorized access. To cross-reference, you can also look at the logs from /var/adm/messages*. To enable more verbosity in log messages, you should tweak entries in both /etc/pam.conf, /etc/syslogd.conf, and /etc/ssh/sshd.conf.
    #4  
Old 02-10-2008
HPAVC's Avatar
HPAVC HPAVC is offline
Registered User
 
Join Date: Feb 2008
Last Activity: 29 October 2009, 8:14 AM EDT
Posts: 106
Thanks: 0
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by otheus View Post
The command you want is "last". It uses the information from wtmp, which after 30 days gets moved to /var/adm/wtmpx.1 or something like that.
last only gives logins, but lastcomm gives oh much more. Though I never found it all that wonderful in practice. A simply ln -s /usr/bin/games/rogue ~/bin/pine and you could be productive all day long
Sponsored Links
    #5  
Old 02-11-2008
jaydeep_sadaria jaydeep_sadaria is offline
Registered User
 
Join Date: Nov 2007
Last Activity: 19 July 2014, 1:26 PM EDT
Posts: 58
Thanks: 4
Thanked 0 Times in 0 Posts
use command log

Dear all

I also want to log of command given by specific user.

Kindly sugest me....

lastcomm command is not runing in my system..

plz send other possible way...
Sponsored Links
    #6  
Old 02-11-2008
otheus's Avatar
otheus otheus is offline Forum Advisor  
Smartass
 
Join Date: Feb 2007
Last Activity: 23 July 2014, 6:24 AM EDT
Location: Innsbruck, Austria
Posts: 2,151
Thanks: 12
Thanked 48 Times in 45 Posts
There's another thread on this board about command logging. There's the "rootsh" package (available from sourceforge), but you have to replace selected user's shells. If you're running BSD, the lastcomm package will work if accounting is turned on (apparently). If you're running Solaris, there's an accounting and reporting package there too (see other thread).
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
History to Another file [local user history , but root access] linuxadmin UNIX for Advanced & Expert Users 3 08-31-2011 11:13 AM
access user history as root sardare Shell Programming and Scripting 4 07-01-2009 12:09 PM
User History CasperQuiet UNIX for Dummies Questions & Answers 1 06-22-2009 12:01 AM
How to access all user history file rgpai9972 UNIX for Advanced & Expert Users 2 05-22-2009 11:10 AM
How to delete history for a particular user shubhranshu UNIX for Advanced & Expert Users 9 01-20-2009 09:10 AM



All times are GMT -4. The time now is 03:03 AM.