Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
Is there any way to view the any user activity/ commands history and date,time in the system?
I look at the /var/log/secure but I can find only the login/ logout attempts and "history" command doesn't come with date/time that the user issue the commands. Any there any best practice to audit the user activities inside the system ? Pls. advise.
By default the history log doesn't save date and time information but you can configure it to do so. Have a look at this site, it explains how to configure it. There's a lot of information about auditing in RHEL on the internet, do a search for 'auditd RHEL' and you'll get tons of resources. One of them that explains it in easy terminology and that gives you the basics to get started is this one.
Hi EricTRA,
Really appreciate your info. I managed to do it. But only the last 200+ ( for 1 page only )command only seen. If I want to see from command start day 1 to last command , how would I able to configure it accordingly? And I can't use " | more " parameter in order to see page by page from day 1 to last command. Pls. advise. Thanks a lot.
Hi EricTRA,
Really appreciate your info. I managed to do it. But only the last 200+ ( for 1 page only )command only seen. If I want to see from command start day 1 to last command , how would I able to configure it accordingly? And I can't use " | more " parameter in order to see page by page from day 1 to last command. Pls. advise. Thanks a lot.
Hi EricTRA,
Really appreciate your info. I managed to do it. But only the last 200+ ( for 1 page only )command only seen. If I want to see from command start day 1 to last command , how would I able to configure it accordingly? And I can't use " | more " parameter in order to see page by page from day 1 to last command. Pls. advise. Thanks a lot.
Hello,
You're welcome. I assume you're referring to the history. Have a look at this site on what settings you can change. Normally your history, when using the default settings, would only keep something like the last 500 commands, including duplicates. So if you want to keep track of a longer period (more commands) you'll have to configure it as indicated in the site I pointed to (and also the one pointed out by micxz. If you want to see history from day one as you state then you're out of luck. If not in the history then you can forget that I'm afraid.
Kind regards,
Eric
Last edited by EricTRA; 04-27-2011 at 02:14 AM.
Reason: Forgot the link
Hi Eric and micxz,
Thanks for your quite helpful information and I was exploring these days and utilize for my job.But I am wondering where I am able to view the "rcp" file transfering attempts from server "A" to my server "B" inside /var/log/ . So far I cannot find any of the /var/log/messages and /var/log/secure logs . And am I able to view the successful and fail "rcp" file transfer attempts to my sever log file ? Pls. advise.
I've never worked with rcp to copy files from one server to another, I always use scp which is a lot more secure I believe. But I've found this on the internet that might be helpful:
Quote:
Look in the .rhost files in ~user home directories and /etc/auth.conf
Hi,
Thanks. But for project requirement and offline usage , we need to use "rcp" command instead of "scp". Do you have any idea where should I configure the time out setting for "rcp"?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.