[logs] How to log - commands and file access
david.bigot at devoteam.com
Mon Nov 12 07:15:00 PST 2007
Hello,
Concerning BASH logging, I have found a bash "syslog version":
Nov 9 18:24:04 linux -bash: history: [pid:3016 uid:0] cat /etc/passwd
I have tried the SNARE Agent, it's very helpful. You can filter and log all
process activity, any file access, network access... but it requires some CPU
load...
Perhaps someone has tested this software? Do you have any advice about
SNARE's configuration?
Regards,
----------------------------------------------------------------------
David Bigot - Security Consultant
Apogée Communications - Groupe DEVOTEAM
86, rue Anatole France
92300 Levallois-Perret
telephone: ()1.41.49.58.04
email: david.bigot at apogee-com.fr
Mike Blomgren <mike.blomgren at tornado.se>
12/11/2007 15:47
To: david.bigot at devoteam.com, loganalysis at loganalysis.org
cc:
Subject: Re: [logs] How to log - commands and file access
Hi,
To log all commands from bash I have used Bash-BOFH. Found here:
http://www.ccitt5.net/archives/
It patches the bash source to send all commands to a syslog. It works very
well, but unfortunately requires bash 2.05, and doesn't work for the
newer 3.0 AFAIK.
~Mike
david.bigot at devoteam.com wrote:
Hello,
I want to know, for a customer, how to automatically log on UNIX and Linux
systems:
- all commands executed (in BASH, ZSH & co ...). I know about the file
~/.(ba)sh_history but I prefer a global file or syslog.
- all file access by process and username in real-time (not static) or, if
it's not possible, which process and username access some files (or
directories) like /etc/shadow, /data/ ...
Regards,
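Added example (not part of the thread, and not code from bash, Bash-BOFH or SNARE): a small parser for the bash history syslog record quoted above that flags commands naming the paths mentioned in the thread. The record layout is inferred from that single sample line, and the function names and the extra sample lines are constructed for illustration.

```python
import re
import shlex

# Layout inferred from the one sample record in the thread (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<prog>\S+):\s+history:\s+\[pid:(?P<pid>\d+)\s+uid:(?P<uid>\d+)\]\s+"
    r"(?P<cmd>.*)$"
)
# Paths named in the thread as worth watching.
WATCHED = ("/etc/shadow", "/etc/passwd", "/data/")

def parse(line):
    """Return a dict for a bash history syslog record, or None for other lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"], rec["uid"] = int(rec["pid"]), int(rec["uid"])
    return rec

def watched_hits(cmd):
    """Watched paths named in the command text, after shell quotes are removed."""
    try:
        text = " ".join(shlex.split(cmd))
    except ValueError:  # unbalanced quotes: match on the raw text instead
        text = cmd
    return [p for p in WATCHED if p in text]

def review(lines):
    """Return one alert per logged command that names a watched path."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec and watched_hits(rec["cmd"]):
            alerts.append({"ts": rec["ts"], "uid": rec["uid"], "pid": rec["pid"],
                           "cmd": rec["cmd"], "paths": watched_hits(rec["cmd"])})
    return alerts

# First line is the record quoted in the thread; the rest are constructed.
SAMPLE = [
    "Nov 9 18:24:04 linux -bash: history: [pid:3016 uid:0] cat /etc/passwd",
    "Nov  9 18:25:10 linux -bash: history: [pid:3016 uid:0] ls -l /tmp",
    "Nov  9 18:26:31 linux -bash: history: [pid:3120 uid:1001] cp '/etc/shadow' /data/x",
    "Nov  9 18:27:00 linux sshd[411]: Accepted password for bob from 192.0.2.10",
]

if __name__ == "__main__":
    for a in review(SAMPLE):
        print(a["ts"], "uid=%d" % a["uid"], a["cmd"], "->", ",".join(a["paths"]))
```

Matching on command text only sees what was typed: a path reached through a variable, a glob or a script does not appear in the record, which is the gap the file-access logging asked about in the original question covers.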