https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015525#M47951 Thanks for the feedback. I went with sudo.<BR />R,<BR />D Tue, 26 Feb 2008 16:07:27 GMT Duffs 2008-02-26T16:07:27Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015517#M47943 Hi,<BR /><BR />I am using RedHat AS4 and I need to capture the ssh login details of different users including the commands they use whilst logged in. So far this level of detail does not get logged in either the messages file or the secure log file.<BR /><BR />Does anybody know of additional software or possibe ssh logging options that might enable me capture this amount of detail?<BR /><BR />Rgds,<BR />D. Thu, 23 Nov 2006 04:40:49 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015517#M47943 Duffs 2006-11-23T04:40:49Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015518#M47944 Hello!<BR /><BR />Usually you can see the ssh log connection into /var/log/secure.<BR /><BR />If i remember, iptables write into this log files and you can see there. Thu, 23 Nov 2006 04:59:06 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015518#M47944 Alpha977 2006-11-23T04:59:06Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015519#M47945 Hi,<BR /><BR />I know that the secure log provides limited ssh detail but it does not include the commands that are used by individual users while logged in. I am not using iptabes and have SElinux disabled so this is of no use to me.<BR /><BR />R,<BR />D. Thu, 23 Nov 2006 05:36:04 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015519#M47945 Duffs 2006-11-23T05:36:04Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015520#M47946 You can use process accounting (accton, lastcomm, etc). <BR /><BR />Another option is to use the script command. Add the script command to the /etc/profile catching selected user (if). See man script for details. Thu, 23 Nov 2006 08:05:27 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015520#M47946 Ivan Ferreira 2006-11-23T08:05:27Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015521#M47947 If you need that level of auditing you can't rely on /etc/profile or any other login script because they're too easy to bypass. If you only want to audit shared accounts like oracle a locked password and proper sudo access would do it. Another option is to use a special auditing shell such as EASH that captures all keystrokes, but that is extremely invasive and may log sensitive information such as passwords. Mon, 27 Nov 2006 17:35:13 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015521#M47947 Heironimus 2006-11-27T17:35:13Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015522#M47948 Hi Duffs,<BR /><BR /> Power Broker is the software you are looking for. It can do more than just loging the activities of the user.<BR />You can get more details on this site.<BR /><A href="http://www.symark.com/powerbroker.htm" target="_blank">http://www.symark.com/powerbroker.htm</A><BR /><BR />SUDO also can help you in this case.<BR /><A href="http://www.gratisoft.us/sudo/sudo.html" target="_blank">http://www.gratisoft.us/sudo/sudo.html</A><BR /><BR /><BR />Regards<BR />Silju Tue, 28 Nov 2006 04:03:28 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015522#M47948 Silju 2006-11-28T04:03:28Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015523#M47949 Change <BR />LogLevel<BR />in /etc/ssh/sshd_config<BR /><BR />The possible values are: QUIET, FATAL, ERROR, INFO,VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. The default is INFO. Tue, 28 Nov 2006 14:15:06 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015523#M47949 George Liu_4 2006-11-28T14:15:06Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015524#M47950 See also:<BR /><BR />Enterprise Audit Shell (eash) Tue, 28 Nov 2006 15:41:43 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015524#M47950 Ivan Ferreira 2006-11-28T15:41:43Z https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015525#M47951 Thanks for the feedback. I went with sudo.<BR />R,<BR />D Tue, 26 Feb 2008 16:07:27 GMT https://community.hpe.com/t5/operating-system-linux/linux-log/m-p/5015525#M47951 Duffs 2008-02-26T16:07:27Z