Command history logs for linux/Solaris

talat · 01-15-2010, 04:54 AM

Hi Guys,

Just like we have tacacs application for cisco/juniper devices which keep logs of the command entered on the device and the user who entered them. Is there any way to have the same kind of setup for my linux/Solaris servers that when ever any body enter any command or modify any file then its logs is sent to some server along with the user name who made those changes ?

Thanks in advance

kbp · 01-15-2010, 07:29 PM

I don't think you can monitor every command entered by every user, but you can track file alterations - take a look at 'fam' and friends

cheers

unSpawn · 01-16-2010, 06:01 AM

Wrt GNU/Linux, for logging command-line plus output, see 'rootsh' and the "syslog" switch. For remote logging of 'rootsh' output see /etc/syslog.conf. Also please search the Linux Security forum for PCI-DSS (as in logging requirements). What you request does not have a single tool solution, so correlating data will be important.