Logging user Filesystem transactions
Ed Wilts
ewilts at ewilts.org
Fri Nov 12 16:12:51 UTC 2004
On Fri, Nov 12, 2004 at 07:55:51AM -0800, Brian McGrew wrote:
> Good morning all,
>
> I'm sure I'm not the first to want this or even ask but ...

You're not and you won't be the last.

> We have several RH7.3 boxes and a few Solaris 8 boxes on our NIS
> network. Everyone attaches to NFS mounted shares. Several times now,
> we've had stuff disappear or get corrupted and no one knows nothing!
>
> I want to start logging all my users' Filesystem commands. From mv, rm,
> ls to vi and cp ... Everything! Most especially if they're out in an
> NFS Filesystem but it would be nice to log their local Filesystem
> accesses as well. Preferably into a MySQL database so I can run
> reporting on it.

Simply put, you can't, especially not with 7.3. You need a full audit
subsystem. I don't know if that's there in FC3 (there's some audit
stuff in there) but it wasn't in 7.3.

The problem is very, very hard and you won't be logging to a mysql
database - at best the logs will get dumped to a flat file. mysql would
be massive overhead for this.

If your system is busy, expect gigabytes of data per day of audit logs
and you'll have a massive effort crunching those logs to do any
reporting.

Can you tell I've investigated this before? :-(

--
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts at ewilts.org
Member #1, Red Hat Community Ambassador Program
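
The flat-file log crunching described in the reply above, as an added example that is not part of the original message: a Python reducer that merges the records of each audit event and reports file deletions per uid. It assumes the Linux auditd record layout (the thread names no specific audit tool); the sample records, uids and paths are constructed.

```python
import posixpath
import re
from collections import defaultdict

# Constructed sample records in the Linux auditd flat-file layout (assumed format).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1100275971.120:4201): arch=c000003e syscall=87 success=yes exit=0 auid=1001 uid=1001 comm="rm" exe="/bin/rm"
type=CWD msg=audit(1100275971.120:4201): cwd="/mnt/nfs/projects"
type=PATH msg=audit(1100275971.120:4201): item=0 name="/mnt/nfs/projects" nametype=PARENT
type=PATH msg=audit(1100275971.120:4201): item=1 name="report.doc" nametype=DELETE
type=SYSCALL msg=audit(1100275980.500:4202): arch=c000003e syscall=2 success=yes exit=3 auid=1002 uid=1002 comm="vi" exe="/bin/vi"
type=PATH msg=audit(1100275980.500:4202): item=0 name="/mnt/nfs/projects/notes.txt" nametype=NORMAL
type=SYSCALL msg=audit(1100275999.010:4203): arch=c000003e syscall=87 success=no exit=-13 auid=1002 uid=1002 comm="rm" exe="/bin/rm"
type=CWD msg=audit(1100275999.010:4203): cwd="/home/user2"
type=PATH msg=audit(1100275999.010:4203): item=0 name="/mnt/nfs/projects/budget.xls" nametype=DELETE
"""

MSG_RE = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Merge the records that share one (timestamp, serial) id into one event."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = MSG_RE.match(line)
        if not m:
            continue  # skip truncated or foreign lines
        rtype, ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        ev = events[(ts, serial)]
        if rtype == "SYSCALL":
            ev.update(uid=fields.get("uid"), comm=fields.get("comm"), ok=fields.get("success") == "yes")
        elif rtype == "CWD":
            ev["cwd"] = fields.get("cwd", "?")
        elif rtype == "PATH":
            ev["paths"].append((fields.get("nametype"), fields.get("name", "?")))
    return events

def deletions_by_uid(events):
    """Report (path, command, succeeded) for every DELETE path item, per uid."""
    report = defaultdict(list)
    for ev in events.values():
        for nametype, name in ev["paths"]:
            if nametype == "DELETE" and "uid" in ev:
                full = posixpath.join(ev.get("cwd", "?"), name)  # absolute names win
                report[ev["uid"]].append((full, ev["comm"], ev["ok"]))
    return dict(report)

if __name__ == "__main__":
    print(deletions_by_uid(parse_events(SAMPLE_LOG)))
```

Names that auditd hex-encodes (for example those containing spaces) are left undecoded here.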
More information about the redhat-list mailing list