04-20-2009 02:45 PM
I want to know when a user logged in to the system, which IP was used by the user, what kind of commands were used by the user, which processes were run by the user, etc.
So how can I reach this information? Where are the log files that include this information?
Can anybody show me the related log file path?
Thanks,
Ali Kemal.
04-20-2009 08:10 PM
Re: Event logs including info about system and users activities
For the commands and processes, you must enable auditing.
You might be able to look at some of their shell history files, but that's not accurate.
04-21-2009 03:13 AM
Re: Event logs including info about system and users activities
more /home/user/.sh_history file
but no time stamp in there.
04-21-2009 08:46 AM
Re: Event logs including info about system and users activities
04-21-2009 06:06 PM
Re: Event logs including info about system and users activities
If you want to enable more logs, you can convert your system to a trusted system.
You may get more help from the HP documents for this.
http://www.docs.hp.com/en/B2355-90121/ch01s07.html
04-28-2009 04:23 PM
Re: Event logs including info about system and users activities
Dennis, I couldn't see IP info but login/logout info are OK. How is it possible to see IP information also?
Hakki, the file ".sh_history" is a little useful as you said. How can I see the user actions with time stamp as I told?
Is there any method on system?
Thanks a lot,
Ali KEMAL.
04-28-2009 05:40 PM
Solution
The man page is very helpful. Use the commands:
last -R -100
(to list the last 100 logins with IP address)
last -R -20 billh
(to list the last 20 logins for billh)
> the file ".sh_history" is a little useful as you said. How can I see the user actions with time stamp as I told?
The .sh_history is created by the shell (sh, ksh, etc) but has no option to add a timestamp. You could write a script to append a timestamp at the end of the file every few hours, but this can make the shell history recall a bit unpredictable.
Bill Hassell, sysadmin
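An added example, not part of the post above: a small shell/awk filter that turns `last -R` output into a per-user, per-host login summary and lists users seen from more than one remote host. The column layout (user, tty, optional host, then weekday) is an assumption to verify on your system; the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Summarise `last -R` output: logins per user and remote host.
# Assumed layout (verify locally): user tty [host] weekday month day time ...
# The host column is empty for local/console logins, so field 3 is then the weekday.

summarize_logins() {
    # Reads `last -R` style lines on stdin; prints "user host count", sorted.
    awk '
        NF < 5 { next }                                            # blank or short lines
        $1 == "reboot" || $1 == "wtmp" || $1 == "wtmps" { next }   # pseudo-entries, trailer
        {
            host = $3
            if (host ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) host = "(local)"
            count[$1 " " host]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

multi_host_users() {
    # Input: summarize_logins output. Prints users seen from more than one remote host.
    awk '$2 != "(local)" { n[$1]++ } END { for (u in n) if (n[u] > 1) print u }' | LC_ALL=C sort
}

# Constructed sample input (not real data), shaped like `last -R` output.
sample_last_output() {
    cat <<'EOF'
billh    pts/2    192.0.2.10       Tue Apr 28 17:40   still logged in
alik     pts/1    192.0.2.25       Tue Apr 28 16:02 - 16:45  (00:43)
billh    pts/0    198.51.100.7     Mon Apr 27 09:11 - 12:30  (03:19)
root     console                   Mon Apr 27 08:55 - 09:05  (00:10)
alik     pts/1    192.0.2.25       Mon Apr 20 14:20 - 14:50  (00:30)
reboot   system boot               Mon Apr 20 08:00

wtmp begins Mon Apr 20 08:00
EOF
}

# On a live system: last -R -100 | summarize_logins
if [ "${1:-}" = "demo" ]; then
    sample_last_output | summarize_logins
fi
```

Piping `summarize_logins` into `multi_host_users` gives a short list of accounts worth a closer look when reviewing login sources.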
04-29-2009 02:20 AM
Re: Event logs including info about system and users activities
I could not see the new records on a server after using "last -R -100". What might happen?
After "last -R -20 -f /var/adm/wtmp" output,
I see that the last record is "Apr 20".
I couldn't see even the last record on the file by "last -R -100". And there are no new records on the file after that date.
What is the problem? Is the logging system working?
Thanks,
Ali KEMAL.
04-29-2009 07:30 AM
Re: Event logs including info about system and users activities
Since last(1) reverses the order, which direction did you mean by "new records"?
Did you mean there are no entries for Apr 21 and later in time?
>After "last -R -20 -f /var/adm/wtmp" output, I see that the last record is "Apr 20". I couldn't see even the last record on the file by "last -R -100". And there are no new records on the file after that date.
You're saying last(1) indicates nobody has logged on since Apr 20?
How big is the file? It could have been corrupted on April 20?
04-30-2009 02:23 AM
Re: Event logs including info about system and users activities
>Did you mean there are no entries for Apr 21 and later in time?
I use the same command on the other servers, no problem. And yes, no entries for Apr 21 and later in time.
And, as I said, when I use "last" I could not see the entry "Apr 20" which exists in the file "wtmp".
>You're saying last(1) indicates nobody has logged on since Apr 20?
>How big is the file? It could have been corrupted on April 20?
Yes, I am saying exactly what you said.
wtmp 94000 and wtmps ~2147483000
So, if it is corrupted, how can I solve this?
NOTE: I can get the correct info from the command "lastb".
Thanks,
Ali KEMAL.