> do you need to know, realtime, when someone's su'ing > to root? Would a daily or hourly report work? Others have excellent input on this topic. I just want to point out that for this type of monitoring and notification, it's better to use "tail -f" instead of a cron job to repeatedly scan the log file. I have some notes about this. See "How to get alert by reading log files" at http://yong321.freeshell.org/computer/logfile.html Basically, you run tail -f <the file you're monitoring> | filter and email command This approach has much less overheard and sends email almost immediately. On Linux, you can use -s option to change probing interval to a longer time if you think once-per-second is too frequent. Yong Huang -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
