Log all user commands
Hello

I'd like to know if it's possible to log the commands of all users logged into a system using syslog-ng.
I googled and looked through the man pages for syslog-ng and syslog-ng.conf but I didn't find anything useful.

Thanks in advance for your help.

Ian
On Mon, 2009-10-19 at 17:42 +0900, Ian Masters wrote:
Hello
I'd like to know if it's possible to log the commands of all users logged into a system using syslog-ng.
I googled and looked through the man pages for syslog-ng and syslog-ng.conf but I didn't find anything useful.
Thanks in advance for your help.
Hi!

I do not think it is a syslog-ng related problem. Your OS must log all the user commands. Syslog-ng just collects them. But you have forgotten to tell us the OS version. (From this point it is off-topic, I think.)

If you use Linux, I advise installing auditd and setting it up correctly. I use Ubuntu. If auditd is installed but not running, the kernel will log to /dev/log. You just need to set up the auditing rules correctly. Please see the auditctl command for how to set them.

Best wishes,
Peter

--
Höltzl Péter
CISA, IT security consultant
BalaBit IT Security
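As an added example (not part of the thread and not syslog-ng's own code): once Linux audit records reach the syslog stream, the per-user command lines have to be rebuilt by joining each EXECVE record with the SYSCALL record that shares its event serial. The sketch assumes an execve rule such as `auditctl -a always,exit -F arch=b64 -S execve -k user-cmds` (the key name is hypothetical), and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: syslog lines as syslog-ng might store them. Covers both
# the auditd text form (type=EXECVE msg=audit(...)) and the numeric form the
# kernel prints itself (1300 = SYSCALL, 1309 = EXECVE).
SAMPLE = """\
Oct 19 10:02:00 host1 audispd: type=SYSCALL msg=audit(1255942920.101:452): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2301 auid=1000 uid=1000 comm="ls" exe="/bin/ls" key="user-cmds"
Oct 19 10:02:00 host1 audispd: type=EXECVE msg=audit(1255942920.101:452): argc=2 a0="ls" a1="-la"
Oct 19 10:02:07 host1 kernel: type=1300 audit(1255942927.440:453): arch=c000003e syscall=59 success=yes exit=0 ppid=2210 pid=2302 auid=1000 uid=0 comm="grep" exe="/bin/grep"
Oct 19 10:02:07 host1 kernel: type=1309 audit(1255942927.440:453): argc=3 a0="grep" a1=726F6F742075736572 a2="/etc/passwd"
Oct 19 10:02:09 host1 sshd[2400]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
"""

RECORD = re.compile(r'type=(\w+) (?:msg=)?audit\((\d+)\.\d+:(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
TYPE_NAMES = {"1300": "SYSCALL", "1309": "EXECVE"}

def decode(value):
    """Quoted values are literal; unquoted argument values are hex-encoded."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex (e.g. a plain number): keep as written

def commands(lines):
    """Join SYSCALL and EXECVE records sharing an event serial into one row."""
    events = defaultdict(dict)
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue  # not an audit record (e.g. the sshd line)
        rtype = TYPE_NAMES.get(m.group(1), m.group(1))
        fields = dict(FIELD.findall(m.group(4)))
        ev = events[int(m.group(3))]
        ev["time"] = int(m.group(2))
        if rtype == "SYSCALL":
            ev.update(auid=int(fields["auid"]), uid=int(fields["uid"]),
                      exe=decode(fields["exe"]))
        elif rtype == "EXECVE":
            ev["argv"] = [decode(fields.get(f"a{i}", "")) for i in range(int(fields["argc"]))]
    return [ev for _, ev in sorted(events.items()) if "argv" in ev and "auid" in ev]

if __name__ == "__main__":
    for ev in commands(SAMPLE.splitlines()):
        print(ev["time"], "auid=%d uid=%d" % (ev["auid"], ev["uid"]), ev["exe"], ev["argv"])
```

The `auid` field is the login identity and survives `su`/`sudo`, so the second event is attributed to user 1000 even though it ran with `uid=0`.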
Peter

Thanks very much for your super fast reply.
My system is Solaris 10, but I think you are right. From here, it's OT.

Thanks anyway.

Ian