Need Suggestion regarding Process Tracking?
I have been trying hard to find a tool or utility which will save my day by tracking which process really deleted my files and who is the owner of the command run on my machine. I want every bit of information on my Linux box, without missing out the entire history of the process.
What my requirement is:
1. Information like process ID, process name, files accessed by the process, command executed by the process, and from which terminal or session the process was initiated.
2. File level auditing -- As of now I am without any tool listing all files that got deleted and not showing up any rm or unlink commands.
All I can think of is some utility like psacct or auditing which can let me know each and every process's history and what's going on in my box.
Please suggest.