User command duration

wolodyj · 08-22-2018, 03:38 AM

Hi

I am looking for a tool that saves the duration of user commands in the log.

Thanks in advance
W

scasey · 08-22-2018, 04:15 AM

history ?

business_kid · 08-22-2018, 04:39 AM

You can set log levels - how much is logged. Try 'man syslogd'

lougavulin · 08-22-2018, 04:39 AM

You mean for every commands used ? All the time ?

For one command, there is :

Code:

time command args

Otherwise, for all commands, I guess you would have to save the output every N minutes/seconds :

Code:

top -U $USER -n 1 -S

wolodyj · 08-22-2018, 06:10 AM

Thanks .

But I am looking for a tool like auditd that will write to the log the durations of the commands of all system users.

wpeckham · 08-22-2018, 06:16 AM

Best write that log to a partition with nothing critical on it, and make it a big one. That log could grow VARY large VERY fast.

Why would you consider such a log useful?

wolodyj · 08-22-2018, 06:18 AM

I have such a requirement from the client

pan64 · 08-22-2018, 06:49 AM

looks like you are looking for something - probably a bottleneck, but this is not the best approach.
I would recommend you to try to solve the original problem, because this one is more or less impossible and the result will be useless. But if you wish:
which users should be logged exactly? Which actions/conmmands are important? What are the exact details you need? What format is required?

wolodyj · 08-22-2018, 07:23 AM

My client needs a tool that he writes in the log:
1. date and time of the command execution
2. who command execution
3 command
4 Has command ended with success ?
5 User command duration

1-4 i used tool auditd

5. ???

TB0ne · 08-22-2018, 09:27 AM

Quote:

Originally Posted by wolodyj

My client needs a tool that he writes in the log:
1. date and time of the command execution
2. who command execution
3 command
4 Has command ended with success ?
5 User command duration

1-4 i used tool auditd

5. ???

As others have said, this is going to be a fairly large bottleneck on your system. Because you'd have to preface EVERY COMMAND (assuming this is through the CLI only; GUI would be next to impossible) with some sort of script that would note the time of start and end. For every command...and every user. You can preface every command with the 'time' built-in function, but that returns it to the screen. If you want to capture all of this, you'll have to do some scripting and put this in place (somehow).

Since this is for your client, who is paying you...how much do we get for solving this problem?

wpeckham · 08-22-2018, 05:04 PM

I might solve this by downloading the source for the BASH shell and creating a new shell with my patches: to create a new format for command execution lines, perhaps modified history, that would optionally log the required information. If you then make that new shell the default for those users you need to monitor....

How good is your C coding?

lougavulin · 08-22-2018, 05:28 PM

Quote:

Originally Posted by wpeckham

I might solve this by downloading the source for the BASH shell and creating a new shell with my patches: to create a new format for command execution lines, perhaps modified history, that would optionally log the required information. If you then make that new shell the default for those users you need to monitor....

This one interesting way.

Seems more effective than coding a demon looking at process at first. But unfortunately, all process and commands are not launched within a shell session...

wolodyj · 08-23-2018, 03:18 AM

Thanks for help

i will use sysdig

pan64 · 08-23-2018, 03:23 AM

looks like sysdig can only monitor docker. Is this what you need?

lougavulin · 08-23-2018, 03:38 AM

Thanks to let us know.
I did not know sysdig, so I took a quick look and I guess you are going to use the "spy user" function (-c).