HPE Community
Operating System - HP-UX
1753528 Members
5103 Online
108795 Solutions
New Discussion

Auditing/monitoring user input

 
MAD_2
Super Advisor

‎08-29-2003 05:58 AM

‎08-29-2003 05:58 AM

Auditing/monitoring user input

I need to find out if someone can help me regarding how to monitor/audit user input.

Basically, I would like to stay away from turning auditing on, unless someone can help me with the specific events I should be turning on for the specific purpose of monitoring user commands and creation, modification, or deletion of files. Specifically I would like to capture:
- user login
- user log out
- user commands
- user addition/deletion/change of files

I was advised to use "script", however the downfall here is that there is no time-stamp, and I am also interested on time stamps. Furtheremore, we end up with those bogus end or line CR characters recorded while using script and also the comment that Pete Randall presented regarding adding script to /etc/profile.

Here are some other threads I started regarding this subject:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x5ad989dc1dbf1240bef5d48e6b7234d8,00.html

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x416c613d9417d84780f71cb480c47f06,00.html

Any scripts out there, ideas, tools that are not extremely expensive?

Thanks for your comments.
Contrary to popular belief, Unix is user friendly. It's just very particular about who it makes friends with
0 Kudos
Reply
1 REPLY 1
MAD_2
Super Advisor

‎08-30-2003 11:22 AM

‎08-30-2003 11:22 AM

Re: Auditing/monitoring user input

OK, I thought I bring to the top to give it a second chance and see if anyone can share some ideas regarding this subject.

In addition to the accounts monitoring/auditing, I have been making progress on system performance monitoring and setup the Big Brother application... Really nice. Now I am thinking about implementing "Big Sister" too (http://bigsister.graeff.com/), but I am finding some problems:

1. I have one Unixware 7.x and 1 SunOS 5.5.1 (neither has gcc or make installed) that I have set up as clients, but the only components monitored at this time are the newtork components, since I have not been able to successfully set them up as clients.
2. I don't seem to be able to get into any site where I can download software for Unixware (I guess their websites are being attacked or something).
3. I also need a few other components before I can proceed (it appears the only systems I can do something about are my 2 HPs)

Thanks for any help!
Contrary to popular belief, Unix is user friendly. It's just very particular about who it makes friends with
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.