04-12-2006
Command Logging in SCO
Hello, new user here. I am the "administrator" for a few SCO Unix servers here, but do not have much Unix administration experience other than some basic stuff (don't ask).
Anyway, I have been charged with finding a way to log all users' commands for auditing purposes. This includes root. The log file should contain the command that was run, the user that invoked it, and the date and time of execution. Other data may be useful, but is not required. This log file should not be accessible by any users other than root, or they could obviously edit the file if they did something "bad".
I've looked at syslog and don't think it will give me what I need. I've also looked at pacct, but not sure if that works either. Maybe it's a setup issue? I have read through several man pages (syslog, syslogd, syslog.conf, pacct, etc) as well as a few printouts from various sites, but nothing looks like what I'm searching for. I've tried the search here as well and found that pacct seems the closest, but I'm not so sure.
We use Windows boxes running Reflections to telnet into the Unix boxes. Our Corporate office has decreed that we use a script that does log all user commands. To even use this script, we have to set up Reflection icons that will automatically enter the user into this script and then hide the ability to change the settings of the Reflection configuration. The logs from this script are editable (just hidden) and there are too many back-doors (rlogin/ftp/telnet/etc) to bypass it. Too much of a rigamarole for something that really does not work. As I see it, we need OS level logging.
If anyone can point me in the right direction, I would be eternally grateful.
Thanks in advance!
GFMD(8) GFMD(8)
NAME
gfmd(8) - Gfarm metadata server
SYNOPSIS
gfmd [ options ]
DESCRIPTION
gfmd is a Gfarm filesystem metadata server for accessing the filesystem metadata of the Gfarm filesystem. gfmd must be running on a metadata server node in advance.
It is possible for gfmd to be executed as a non-privileged user process, although only the user that executes gfmd can be authenticated. Other users cannot use it. For details, see the SETUP.private.en document.
To access gfmd, the hostname and the port number should be specified by the metadb_server_host and metadb_server_port statements, respectively, in ~/.gfarm2rc or in %%SYSCONFDIR%%/gfarm2.conf on a client node.
OPTIONS
-L log-level
Specifies a log priority level. Log output whose priority is higher than or equal to this level will be sent to syslog or standard error. Please refer to gfarm2.conf(5) for the priority levels that can be specified by this option.
-P pid-file
Specifies a file name to be used to record the process ID of gfmd.
-d Specifies the debug mode. With the -d option, gfmd runs as a foreground process, not a daemon.
If this option is specified and -L is not specified, the log level is set to "debug".
-f config-file
Specifies a configuration file that is read instead of the default configuration file.
-p port
Specifies a port number to be used by gfmd.
-s syslog-facility
Specifies a syslog facility to report errors encountered by gfmd. By default, local0 is used.
-v Makes gfmd output verbose log messages on authentication. This is useful when one has to resolve an issue with GSI authentication.
-? Displays a list of command options.
FILES
%%SYSCONFDIR%%/gfmd.conf
configuration file
SEE ALSO
gfarm2.conf(5)
Gfarm 20 December 2010 GFMD(8)