
Re: User Auditing



On 09/23/2010 03:40 PM, Rob DeSanno wrote:
> This should be an easy question.
>
> I use Logwatch on all of my RHEL servers and would like for it to also
> report on all commands that any user had typed when logged in as well.
> Something along the lines of UID: Command to give me an idea of who was
> doing what at any given period of time.
>
> I tried using snoopy but that gave me much more than I was looking for. I'm
> now playing around with psacct and logger but was curious to know what
> everyone else out there uses to monitor user activity besides looking into
> everyone's history file.
>
> Thanks in advance!
> ~Rob

You might like to take a look at LUARM: http://luarm.sourceforge.net/

It is a new project I am heading and the idea is to target mainly what the users are doing at the file, network endpoint and process execution level. As long as you have a good MySQL box and you are willing to install Perl DBI/DBD MySQL, you should get what you want.

A good presentation of what the system is supposed to do and the context is here:
http://folk.uio.no/georgios/other/Dagstuhl2010.pdf

(Documentation is under way)

Snoopy is good, but it has an inherent library dependency on the user environment that I do not like. Psacct can introduce substantial overhead on a busy server. Give LUARM a go and then let me know what you think and/or issues you might face in the process of deploying it.

--
George Magklaras
Senior Systems Engineer/IT Manager
Biotek Center, University of Oslo
EMBnet TMPC Chair

http://folk.uio.no/georgios

Tel: +47 22840535




