Full Discussion: Log
Top Forums UNIX for Dummies Questions & Answers Log Post 22333 by Perderabo on Friday 31st of May 2002 02:46:13 PM
Old 05-31-2002
This depends on several factors...

First, most modern shells can optionally keep a history file. Users can use the history file to record their commands and repeat previous commands, etc. Users can also decline to keep a history file.

Most (perhaps all?) versions of unix have systemwide accounting. But accounting was developed in an era when users paid for cpu seconds. It's pretty good at recording cpu time used by each user. And it can produce a list of commands that each user ran. But the info is limited and can be easily fooled. It was never intended for security.

Some versions of unix have what are called C2 security features. Few of them have actually obtained a C2 rating from the US Dept of Defense, but they have the features that DOD would look for. HP-UX is in this category. It can record each system call executed by each user. And you can specify various levels of logging for various users. This type of logging can be very detailed and on a properly admin'ed system cannot be fooled by a non-root user.

Note that both accounting and c2 security logging can require considerable resources including lots of disk space. For this reason, they are rarely used.
 

lastcomm(1)                      User Commands                      lastcomm(1)

NAME
     lastcomm - display the last commands executed, in reverse order

SYNOPSIS
     lastcomm [-f file] [-x] [command-name] ... [user-name] ...
              [terminal-name] ...

DESCRIPTION
     The lastcomm command gives information on previously executed commands.
     lastcomm with no arguments displays information about all the commands
     recorded during the current accounting file's lifetime. If called with
     arguments, lastcomm only displays accounting entries with a matching
     command-name, user-name, or terminal-name.

     If extended process accounting is active (see acctadm(1M)) and is
     recording the appropriate data items, lastcomm attempts to take data
     from the current extended process accounting file. If standard process
     accounting is active, lastcomm takes data from the current standard
     accounting file (see acct(2)).

     If terminal-name is `- -', there was no controlling TTY for the process.
     The process was probably executed during boot time. If terminal-name is
     `??', the controlling TTY could not be decoded into a printable name.

     For each process entry, lastcomm displays the following items of
     information:

     o  The command name under which the process was called.

     o  One or more flags indicating special information about the process.
        The flags have the following meanings:

        F    The process performed a fork but not an exec.

        S    The process ran as a set-user-id program.

     o  The name of the user who ran the process.

     o  The terminal which the user was logged in on at the time (if
        applicable).

     o  The amount of CPU time used by the process (in seconds).

     o  The date and time the process exited.

OPTIONS
     The following options are supported:

     -f file    Uses file as the source of accounting data. file may be
                either an extended process accounting file or a standard
                process accounting file.

     -x         Uses the currently active extended process accounting file.
                If extended process accounting is inactive, no output will
                be produced.

EXAMPLES
     Example 1: Listing executions of named commands

     The command

          example% lastcomm a.out root term/01

     produces a listing of all the executions of commands named a.out by
     user root while using the terminal term/01.

     Example 2: Listing all user commands

     The command

          example% lastcomm root

     produces a listing of all the commands executed by user root.

FILES
     /var/adm/pacct          standard accounting file

     /var/adm/exacct/proc    extended accounting file

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     | ATTRIBUTE TYPE              | ATTRIBUTE VALUE             |
     +-----------------------------+-----------------------------+
     | Availability                | SUNWesu                     |
     +-----------------------------+-----------------------------+

SEE ALSO
     last(1), acctadm(1M), acct(2), acct.h(3HEAD), sigvec(3UCB), core(4),
     attributes(5)

SunOS 5.10                        10 Jan 2000                       lastcomm(1)
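
Added example (not part of the original post or of the man page): a shell filter that reads lastcomm output and lists the executions carrying the S (set-user-id) flag described above. The sample records are constructed, and the column order (command, optional flags, user, terminal, CPU time followed by "secs", exit date) is an assumption about the output layout.

```shell
#!/bin/sh
# Constructed sample records, laid out as:
#   command [flags] user terminal cpu "secs" exit-date
sample_lastcomm() {
cat <<'EOF'
ls              alice   pts/2    0.01 secs Fri May 31 14:40
su         S    alice   pts/2    0.03 secs Fri May 31 14:41
sh         F    root    pts/2    0.00 secs Fri May 31 14:41
passwd     S    bob     pts/5    0.02 secs Fri May 31 14:43
cron       SF   root    ??       0.00 secs Fri May 31 14:45
EOF
}

# Read lastcomm output on stdin and print "user command terminal" for
# every record whose flags include S (ran as a set-user-id program).
# The flags column may be empty, so fields are located relative to the
# literal "secs" token instead of by fixed position.
setuid_runs() {
  awk '{
    s = 0
    # cmd, user, tty and cpu must precede "secs", so it is field 5 or later
    for (i = 5; i <= NF; i++) if ($i == "secs") { s = i; break }
    if (s == 0) next                  # not an accounting record
    user = $(s - 3)
    tty  = $(s - 2)
    flags = ""
    # everything between the command name and the user is flag text
    for (i = 2; i < s - 3; i++) flags = flags $i
    if (flags ~ /S/) print user, $1, tty
  }'
}

# Stand-alone run over the constructed sample
sample_lastcomm | setuid_runs
```

On a system with accounting enabled, pipe `lastcomm` (or `lastcomm -f file`) into `setuid_runs` instead of the sample. The records carry only the command name, not its arguments.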