I haven't tried them, but do these track executing shell commands from inside vim or other editors? Or other ways of running commands? (write a script, run it, delete the script)

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Zbynek Vymazal
> Sent: Thursday, September 23, 2010 9:20 AM
> To: General Red Hat Linux discussion list
> Subject: RE: User Auditing
>
> Hi Rob,
>
> I'm logging the command history of every user to a remote syslog server. It
> requires two steps on the client side:
>
> 1) Add the following function to /etc/profile:
>
> function history_to_syslog
> {
>     declare command
>     # Most recent entry in this shell's history list
>     command=$(fc -ln -0)
>     # -t bash -i tags the message as "bash[PID]:"; facility local7 is forwarded in step 2
>     logger -p local7.notice -t bash -i -- $USER : $command
> }
> # Run the function before every command the shell executes
> trap history_to_syslog DEBUG
>
> 2) Configure the local syslog to resend logs to the remote syslog
> (/etc/syslog-ng/syslog-ng.conf):
>
> # Send local messages to central syslog server
>
> filter f_filter7 { facility(local7); };
> destination d_syslog_server { udp(xxx.xxx.xxx.xxx); };
> log { source(s_sys); filter(f_filter7); destination(d_syslog_server); };
>
> Best regards,
>
> Zbynek Vymazal
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rob DeSanno
> Sent: Thursday, September 23, 2010 15:40
> To: General Red Hat Linux discussion list
> Subject: User Auditing
>
> This should be an easy question.
>
> I use Logwatch on all of my RHEL servers and would like for it to also report
> on all commands that any user had typed when logged in as well.
> Something along the lines of UID: Command to give me an idea of who was
> doing what at any given period of time.
>
> I tried using snoopy but that gave me much more than I was looking for. I'm
> now playing around with psacct and logger but was curious to know what
> everyone else out there uses to monitor user activity besides looking into
> everyone's history file.
>
> Thanks in advance!
> ~Rob

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
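
A report in the "UID: Command" form asked for in the original post, built from the entries the /etc/profile hook sends to the central server. This is an added example, not code from anyone in the thread; the sample log lines, the traditional syslog line layout and the OPAQUE and WRAPPERS program lists are assumptions. Entries that start an editor or interpreter are marked, because the hook records only the line typed at the bash prompt.

```python
import re
from collections import defaultdict

# Constructed sample of what the central syslog server would store
# (host name, PIDs, users and commands are made up for illustration).
SAMPLE_LOG = """\
Sep 23 09:20:01 web01 bash[4121]: rob : ls -la /etc
Sep 23 09:20:09 web01 bash[4121]: rob : vim /tmp/run.sh
Sep 23 09:21:30 web01 bash[4121]: rob : sh /tmp/run.sh
Sep 23 09:21:41 web01 bash[4121]: rob : rm /tmp/run.sh
Sep 23 09:22:02 web01 bash[4388]: zbynek : sudo /sbin/service httpd restart
Sep 23 09:22:40 web01 sshd[4400]: Accepted publickey for rob from 192.0.2.10
"""

# "logger -t bash -i" yields the "bash[PID]:" tag; the text is "$USER : $command".
ENTRY = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) bash\[(\d+)\]: (\S+) : (.*)$")

# Assumption: programs that can start further commands on their own. The hook
# sees only the prompt line, so the log cannot show what ran inside them.
OPAQUE = {"vi", "vim", "emacs", "sh", "bash", "perl", "python"}
WRAPPERS = {"sudo", "nohup", "time", "env"}

def parse(log_text):
    """Yield (timestamp, host, pid, user, command) for hook entries only."""
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            yield match.groups()

def first_program(command):
    """Heuristic: base name of the first word that is not a wrapper or option."""
    for word in command.split():
        name = word.rsplit("/", 1)[-1]
        if name not in WRAPPERS and "=" not in word and not word.startswith("-"):
            return name
    return ""

def report(log_text):
    """Return {user: [(timestamp, command, needs_review), ...]}."""
    by_user = defaultdict(list)
    for ts, _host, _pid, user, command in parse(log_text):
        by_user[user].append((ts, command, first_program(command) in OPAQUE))
    return dict(by_user)

if __name__ == "__main__":
    for user, entries in sorted(report(SAMPLE_LOG).items()):
        for ts, command, review in entries:
            note = "   [activity inside not logged]" if review else ""
            print(f"{ts} {user}: {command}{note}")
```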