syslog to monitor devices

Norberto Meijome freebsd at meijome.net
Wed May 30 09:36:18 UTC 2007


On Wed, 30 May 2007 10:22:09 +0200
"grace Ingabire" <ingabireg at terracom.rw> wrote:

> Thanks for your quick reply.
np

> Yes, I have seen that file in etc/syslog.conf.
> I want to monitor some of my devices, to know exactly who has logged in, who is
> doing what on my system...

It depends a lot on what the server is used for. Is it a file server, a web
server? Do you offer shell accounts? FTP? Email (SMTP / POP3 / IMAP / webmail)?
Your own web-based service? CVS? SVN? etc., etc., etc. - they all provide for "user
logging in". And you may also have access to your server from other parties
without the need for them to log in - you may have to monitor those too.


- you can install the Audit framework, and MAC control if you feel it's
necessary (check the handbook for LOTS of info):
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

- you can google for "Monitoring users activity freebsd" and you'll see several
resources on different things relating to this. 

- Each different service you provide comes (well, they should and they usually do)
with login information - maybe not by default - you may have to enable logging
and increase the verbosity.

> Can you advise me a script or any tool to examine the log files as I want to
> consider this machine as a server?

the command 'last' will show you logins ( man last):

[betom at ayiin] [Wed May 30 19:29:04 2007]
~
$ last
reboot           ~                         Wed May 30 14:14
betom            ttyp0    :0.0             Wed May 30 14:14 - crash  (00:00)
betom            ttyp0    :0.0             Wed May 30 14:14 - 14:14  (00:00)
betom            :0                        Wed May 30 14:13 - crash  (00:00)
shutdown         ~                         Wed May 30 14:12
betom            ttyp3    :0.0             Wed May 30 09:44 - 13:08  (03:23)
betom            ttyp3    :0.0             Wed May 30 09:44 - 09:44  (00:00)
betom            ttyp0    :0.0             Wed May 30 09:36 - shutdown  (04:35)
betom            ttyp0    :0.0             Wed May 30 09:36 - 09:36  (00:00)


(yes, there is no specific *answer* in this email, because the ground to
cover is too vast (unless you want to hire me :D). the more specific the
question, the more accurate the answer... so, start by asking, what *specific*
problem are you trying to solve?)

:)
B
_________________________
{Beto|Norberto|Numard} Meijome

"Religion is what the common people see as true, the wise see as false, and
the rulers see as useful." Seneca

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
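
An added example, not part of the original message: a shell function that condenses `last` output such as the listing above into one line per user (sessions, sessions that ended in a crash, total minutes logged in). The function names are hypothetical, and the `alice` lines with address 192.0.2.10 are constructed sample data; the `betom` lines are copied from the listing.

```shell
#!/bin/sh
# Added example: summarize `last` output per user.
# summarize_last and sample_last are hypothetical names, not FreeBSD tools.

summarize_last() {
    awk '
    NF == 0 || $2 == "begins" { next }             # blank line / "wtmp begins ..." trailer
    $1 == "reboot" || $1 == "shutdown" { next }    # pseudo-users, not logins
    {
        user = $1
        sessions[user]++
        # Count from the right: the host column may be absent (console logins).
        if ($(NF-1) == "crash") crashes[user]++
        if ($NF ~ /^\([0-9+:]+\)$/) {              # (HH:MM) or (D+HH:MM)
            d = $NF; gsub(/[()]/, "", d); days = 0
            if (index(d, "+")) { split(d, p, "+"); days = p[1]; d = p[2] }
            split(d, hm, ":")
            minutes[user] += days * 1440 + hm[1] * 60 + hm[2]
        }                                          # "still logged in" has no duration
    }
    END {
        for (u in sessions)
            printf "%s sessions=%d crash_ended=%d minutes=%d\n",
                   u, sessions[u], crashes[u], minutes[u]
    }' | sort
}

# Sample input: betom lines from the listing above, alice lines constructed.
sample_last() {
    cat <<'EOF'
alice            ttyp4    192.0.2.10       Wed May 30 15:00   still logged in
reboot           ~                         Wed May 30 14:14
betom            ttyp0    :0.0             Wed May 30 14:14 - crash  (00:00)
betom            ttyp0    :0.0             Wed May 30 14:14 - 14:14  (00:00)
betom            :0                        Wed May 30 14:13 - crash  (00:00)
shutdown         ~                         Wed May 30 14:12
betom            ttyp3    :0.0             Wed May 30 09:44 - 13:08  (03:23)
betom            ttyp3    :0.0             Wed May 30 09:44 - 09:44  (00:00)
betom            ttyp0    :0.0             Wed May 30 09:36 - shutdown  (04:35)
betom            ttyp0    :0.0             Wed May 30 09:36 - 09:36  (00:00)
alice            ttyp1    192.0.2.10       Tue May 29 08:00 - 09:30  (01:30)
alice            ttyp2    192.0.2.10       Mon May 28 10:00 - 11:00 (1+01:00)

wtmp begins Mon May 28 09:00
EOF
}

sample_last | summarize_last
```

On a live system, feed it the real command instead: `last | summarize_last`.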

