https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004442#M425133 Hi Gene,<BR /><BR />1. The 'history' built-in will show you the last 15 commands. This command history is stored in $HISTFILE, which is set to ~/.sh_history, by default. As long as $HISTFILE is set, and $HISTSIZE is not 0, command history will be recorded.<BR /><BR />2. # uptime<BR /><BR />PCS Wed, 20 Sep 2006 11:25:15 GMT spex 2006-09-20T11:25:15Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004439#M425130 Is it possible to log the commands a user types in at either the console or a telnet session? I ask because I want to see if someone, or hell maybe even me, issued an hpvmstop command to shut off our virtual machines. I came in today and they were all stopped.<BR />Is this possible?<BR /><BR />Also, how can I get the "Uptime" of the HP-UX server just in case it ASR'd? OS is HP-UX 11i v2 on an rx2620. Wed, 20 Sep 2006 11:06:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004439#M425130 Gene Laoyan 2006-09-20T11:06:34Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004440#M425131 <!--!*#-->Hello,<BR /><BR />i think you can use script(1) for record a session user, you could put it in the user profile for automatic launch (never tested).<BR /><BR />good luck Wed, 20 Sep 2006 11:22:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004440#M425131 mobidyc 2006-09-20T11:22:08Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004441#M425132 Gene,<BR /><BR />I would check the history file to see if the command is listed there. It won't tell you who did it, but we asume it was somebody with root privileges.<BR /><BR />Also if you need to track those type of things down, I would convert to a trusted system or install sudo in the machine, to give priviledges to what users can execute or even check what user what the one that exected a certain command in the future.<BR /><BR />Regards,<BR /><BR />Jaime. Wed, 20 Sep 2006 11:23:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004441#M425132 Jaime Bolanos Rojas. 2006-09-20T11:23:11Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004442#M425133 Hi Gene,<BR /><BR />1. The 'history' built-in will show you the last 15 commands. This command history is stored in $HISTFILE, which is set to ~/.sh_history, by default. As long as $HISTFILE is set, and $HISTSIZE is not 0, command history will be recorded.<BR /><BR />2. # uptime<BR /><BR />PCS Wed, 20 Sep 2006 11:25:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004442#M425133 spex 2006-09-20T11:25:15Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004443#M425134 script solution can easily be circumvented by writing over the log file byu the user issuing the questionable commands. So, even though it is a way, it does not give you the untampered logs you may want to see, right after a suspicious diappearance of a critical file.<BR /><BR />check powerbroker from symark (<A href="http://symark.com)" target="_blank">http://symark.com)</A> It has capability of logging commands to a remote server (where you keep eternal users away from). It is not free. Actually it may be quite costly for a casual logging. But at the same time, it gives you the ability to show untampered logs to the Sarbanes-Oxymoron auditors. It makes them so happy, you can not imagine :) Wed, 20 Sep 2006 11:42:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004443#M425134 Mel Burslan 2006-09-20T11:42:38Z https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004444#M425135 Thanks everyone! Wed, 20 Sep 2006 11:47:34 GMT https://community.hpe.com/t5/operating-system-hp-ux/system-command-logging/m-p/5004444#M425135 Gene Laoyan 2006-09-20T11:47:34Z