Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: monitoring various things (mainly activity) on different unix boxes
Top Forums Shell Programming and Scripting monitoring various things (mainly activity) on different unix boxes Post 302560665 by Peasant on Friday 30th of September 2011 12:34:47 PM
Old 09-30-2011
Information who is connected available in syslog.

Please look at the syslogd on your box, you can increase / decrease / separate various logging on your system, for your scripts and/or log managment software to parse it.

For doing what really depends.. it would be a better approach to think what do you don't want users to do to the system or information.
That's why you have user kernel limits, unix permissions and ACLs and secure protocols to communicate and authenticate with (ssh, ssl, kerberos)

Try to make folks think about what they want, who will do it and with what permissions.

root account can be fine-tuned and logged (command wise) per your desire using sudo
 

9 More Discussions You Might Find Interesting

1. Programming

text boxes, radio buttons , check boxes in c++ on unix

Hi ! Please tell me how to get radio buttons, text boxes , check boxes , option buttons , pull down menus in C++ on Unix. I think it would be done using curses.h ..but that's all i know. TIA, Devyani. (3 Replies)
Discussion started by: devy8
3 Replies

2. UNIX for Dummies Questions & Answers

users logging on to unix boxes

I have been asked to write a unix script to log and report all users logging on to our unix boxes as either the root or oracle users only on a 24 hour basis. This should trap the logon and logoff time,if possible what they are doing and their username. Thanks in Advance (2 Replies)
Discussion started by: irehman
2 Replies

3. UNIX for Dummies Questions & Answers

monitoring /tmp and /var/tmp for suspicous activity

Hello, does anyone have a script that can check the contents of the /tmp directory and for example e-mail the directory content if anything other than session files are present? Maybe there are better ways to monitor suspicous /tmp and /var/tmp activity, if so I'm listening :) (1 Reply)
Discussion started by: jamesbond
1 Replies

4. UNIX for Dummies Questions & Answers

Help! Suggestions on what I can I use my 2 unix boxes for?

Once upon a looong time ago I used to work with Unix systems - SGI mainly. Now I've inherited 2 boxes - an SGI dual processor Octane and an Indigo2. For the past 2 years they've sat waiting for me to do something with them and never getting round to it. I run a windows network at home so... (3 Replies)
Discussion started by: JimmyChang
3 Replies

5. UNIX for Dummies Questions & Answers

How do I install things on Unix?

I am really confused as to how to install a piece of software on Unix especially after having worked with Windows for over 10 years. I see the tar.gz, tar.gz2 and rpm packages. How do I install these things? Do I have to be a root to do this? If its only the root, then how do users generally... (4 Replies)
Discussion started by: Legend986
4 Replies

6. AIX

Monitoring the network activity happening in a port in AIX 5.3

Hi All, I would like to monitor the volume of Data that is transferred through a single port in AIX. I have nmon installed in my machine. What is the best possible solution for this problem. Thanks in Advance. (3 Replies)
Discussion started by: bravo13
3 Replies

7. Solaris

Monitoring all user keystroke activity

Hello, First post so bear with me....i've done lost of searches on this and did not find a definitive answer. I need to be able to capture in log every single keystroke a user performs, I am aware that the script command can be used to do this, however, here is my dilemma/problem. Here... (1 Reply)
Discussion started by: giles.cardew
1 Replies

8. Solaris

how to config sudo in unix boxes

Hi How to configure sudo in all unix boxes. plz provide the step by step process. Regards Praveen (3 Replies)
Discussion started by: tv.praveenkumar
3 Replies

9. Red Hat

RHEL Linux process activity monitoring tool from windows 7 system

I have 2 RHEL 5.9 system where customized applications are running. These 2 servers are with in a network (LAN) with each other.One application in say Server 1 can talk to another application in server 2 and vice versa. The applications are exchanging data among each other. Recently I am... (0 Replies)
Discussion started by: Anjan Ganguly
0 Replies

LEARN ABOUT CENTOS

syslogd

syslogd(1M)                                                                                                                            syslogd(1M)

NAME

       syslogd - log system messages

SYNOPSIS

       /usr/sbin/syslogd [-d] [-f configfile] [-m markinterval] [-p path] [-t | -T]

       syslogd  reads  and forwards system messages to the appropriate log files or users, depending upon the priority of a message and the system
       facility from which it originates. The configuration file /etc/syslog.conf (see syslog.conf(4)) controls where messages are forwarded. sys-
       logd  logs  a  mark (timestamp) message every markinterval minutes (default 20) at priority LOG_INFO to the facility whose name is given as
       mark in the syslog.conf file.

       A system message consists of a single line of text, which may be prefixed with a priority code number enclosed in angle-brackets (<>); pri-
       orities are defined in <sys/syslog.h>.

       syslogd reads from the STREAMS log driver, /dev/log, and from any transport provider specified in /etc/netconfig, /etc/net/transport/hosts,
       and /etc/net/transport/services.

       syslogd reads the configuration file when it starts up, and again whenever it receives a HUP signal (see signal.h(3HEAD), at which time  it
       also closes all files it has open, re-reads its configuration file, and then opens only the log files that are listed in that file. syslogd
       exits when it receives a TERM signal.

       As it starts up, syslogd creates the file /var/run/syslog.pid, if possible, containing its process identifier (PID).

       If message ID generation is enabled (see log(7D)), each message will be preceded by an identifier in the following format: [ID msgid facil-
       ity.priority]. msgid is the message's numeric identifier described in msgid(1M). facility and priority are described in syslog.conf(4). [ID
       123456 kern.notice] is an example of an identifier when message ID generation is enabled.

       If the message originated in a loadable kernel module or driver, the kernel module's name (for example, ufs) will be displayed  instead  of
       unix. See EXAMPLES for sample output from syslogd with and without message ID generation enabled.

       In  an  effort to reduce visual clutter, message IDs are not displayed when writing to the console; message IDs are only written to the log
       file. See EXAMPLES.

       The /etc/default/syslogd file contains the following default parameter settings. See FILES.

       LOG_FROM_REMOTE

           Specifies whether remote messages are logged. LOG_FROM_REMOTE=NO is equivalent to the -t command-line option.  The  default  value  for
           LOG_FROM_REMOTE is YES.

       The following options are supported:

       -d                      Turn  on  debugging. This option should only be used interactively in a root shell once the system is in multi-user
                               mode. It should not be used in the system start-up scripts, as this will cause the system  to  hang  at  the  point
                               where syslogd is started.

       -f configfile           Specify an alternate configuration file.

       -m markinterval         Specify an interval, in minutes, between mark messages.

       -p path                 Specify an alternative log device name. The default is /dev/log.

       -T                      Enable the syslogd UDP port to turn on logging of remote messages. This is the default behavior. See .

       -t                      Disable the syslogd UDP port to turn off logging of remote messages. See .

EXAMPLES

       Example 1: syslogd Output Without Message ID Generation Enabled

       The following example shows the output from syslogd when message ID generation is not enabled:

       Sep 29 21:41:18 cathy unix: alloc /: file system full

       Example 2: syslogd Output with ID generation Enabled

       The  following example shows the output from syslogd when message ID generation is enabled. The message ID is displayed when writing to log
       file/var/adm/messages.

       Sep 29 21:41:18 cathy ufs: [ID 845546 kern.notice]
                                           alloc /: file system full

       Example 3: syslogd Output with ID Generation Enabled

       The following example shows the output from syslogd when message ID generation is enabled when writing to the console. Even though  message
       ID is enabled, the message ID is not displayed at the console.

       Sep 29 21:41:18 cathy ufs: alloc /: file system full

       /etc/syslog.conf                Configuration file

       /var/run/syslog.pid             Process ID

       /etc/default/syslogd            Contains default settings. You can override some of the settings by command-line options.

       /dev/log                        STREAMS log driver

       /etc/netconfig                  Transport providers available on the system

       /etc/net/transport/hosts        Network hosts for each transport

       /etc/net/transport/services     Network services for each transport

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

       logger(1), svcs(1), msgid(1M),svcadm(1M), syslog(3C), syslog.conf(4), attributes(5), signal.h(3HEAD), smf(5), log(7D)

NOTES

       The  mark  message is a system time stamp, and so it is only defined for the system on which syslogd is running. It can not be forwarded to
       other systems.

       When syslogd receives a HUP signal, it attempts to complete outputting pending messages, and close all log files to which it  is  currently
       logging  messages.  If,  for  some reason, one (or more) of these files does not close within a generous grace period, syslogd discards the
       pending messages, forcibly closes these files, and starts reconfiguration. If this shutdown procedure is disturbed by an  unexpected  error
       and  syslogd  cannot complete reconfiguration, syslogd sends a mail message to the superuser on the current system stating that it has shut
       down, and exits.

       Care should be taken to ensure that each window displaying messages forwarded by syslogd (especially console windows) is run in the  system
       default  locale (which is syslogd's locale). If this advice is not followed, it is possible for a syslog message to alter the terminal set-
       tings for that window, possibly even allowing remote execution of arbitrary commands from that window.

       The syslogd service is managed by the service management facility, smf(5), under the service identifier:

        svc:/system/system-log:default

       Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed  using  svcadm(1M).  The  ser-
       vice's status can be queried using the svcs(1) command.

                                                                    31 May 2005                                                        syslogd(1M)
All times are GMT -4. The time now is 09:23 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy