Operating System - OpenVMS

Log of dial-up session - keystroke logging?

Jon Evans_1
Occasional Visitor

Log of dial-up session - keystroke logging?

Hi

Anyone have any ideas on how to keep a log of a dialup session to my system?

I need to monitor what the remote customer does exactly.

I thought about $SET HOST 0/LOG=mumble in the LOGIN.COM, but this seems a bit silly as they'd have to login twice and I can't see a way of preventing them from breaking out of it easily. MONITOR & AUDIT won't really supply the info I need.

Thoughts anyone?

TIA
Jon
14 REPLIES
labadie_1
Honored Contributor

Re: Log of dial-up session - keystroke logging?

There is a LOGGER utility. It should match your needs.

http://www.decus.org/libcatalog/description_html/v00508.html
Volker Halle
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Jon,

there is SYS$EXAMPLES:ALPHA_LOGGER.C which may provide this kind of functionality.

Volker.
Jon Evans_1
Occasional Visitor

Re: Log of dial-up session - keystroke logging?

Thanks for the prompt response gentlemen.

Unfortunately the FTP link in Labadie's reply is dead - I'll try and track it down via other routes.

Thanks Volker, but my C knowledge is non-existent. I'll have to look at this one as a last resort.

Jon
Volker Halle
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Jon,

you don't need to know ANY C to build and run. ALPHA_LOGGER.C is a ready-to-run example:

$ cc alpha_logger
$ link alpha_logger
$ run alpha_logger

$ show proc
$ LOGO

$ TYPE SESSION.LOG

Volker.
Jon Evans_1
Occasional Visitor

Re: Log of dial-up session - keystroke logging?

Thanks Volker - I'll give it a whirl and report back here.........
Wim Van den Wyngaert
Honored Contributor

Re: Log of dial-up session - keystroke logging?

In 1990 there was a product called VIDEO that did the job. No more details ...

Wim
Wim Van den Wyngaert
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Wonder if Raxco bought it ...

http://www.raxco.co.uk/product.asp?ProductID=92

Wim
Jan van den Ende
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Jon,


> I thought about $SET HOST 0/LOG=mumble in the LOGIN.COM, but this seems a bit silly as they'd have to login twice and I can't see a way of preventing them from breaking out of it easily.


And still, this WAS our solution when we needed it!

- Have them (telnet) into a system (DISCONTROL_Y & CAPTIVE), with a LOGIN.COM that tells them their keystrokes get logged (at least in the Netherlands, you are not allowed to do that without informing each & every time that you are doing that), and then SET HOST/LOG to the actual target machine (fixed username and password, to be verified by LOGIN.COM in the target machine). Upon logout from there automatically logout from the "logger" system.

Perhaps not high tech, but good enough for us at the time.

hth

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Wim Van den Wyngaert
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Another problem is that not everything gets logged. Graphical tools like amds, console manager, etc. If that is possible thru your dial up.

And there are lots of tools/applications making a mess of the output. And sometimes it is just that that needs to be logged (did someone change the salary db ?).

Wim
Thomas Ritter
Respected Contributor

Re: Log of dial-up session - keystroke logging?

We have our dial in modems connected to a terminal server. We then use the autologin feature to connect to any host, which forces another login. The user only enters one password.

Use sysman for alf. Example

$ mc sysman alf show
%SYSMAN-I-ALFFIL, contents of ALF database on node TEST
Terminal/Port Name                     Username
-------------------------------------- --------
MODEM_SERVER/MODEM1                    DIALIN1
MODEM_SERVER/MODEM2                    DIALIN2

Explore ALF. Not a well known feature but useful. Entry is via sysman.



John Gillings
Honored Contributor

Re: Log of dial-up session - keystroke logging?

Jon,

> thought about $SET HOST 0/LOG=mumble
>in the LOGIN.COM, but this seems a
>bit silly as they'd have to login twice

Not entirely! You can set up a pair of accounts for each user. An "outer" and "inner". The purpose of the outer account is the initial login and to manage the logs. It's captive and has NO PASSWORD! It then does:

$ SET HOST 0/LOG INNER

(or more likely "USER_SECURE" or similarly generated username).

Since you've given SET HOST the username, all it prompts for is the password. The LGICMD of the inner account can verify that it's logged in from the outer account, so you've enforced the logging.

The user only sees one Username and one Password prompt, but there may be output in between. Since the usernames are separate, you can secure the logs very well. You could even put the "outer" usernames on a different system, and have a split network so the inner system is physically inaccessible except through the logging system.

The whole thing can be set up very easily with about 50 lines of DCL.
A crucible of informative mistakes
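
The captive outer account and the verified inner account from Jan van den Ende's and John Gillings's replies, written out in DCL as an added example (not code from the thread or from any poster). The username OUTER, the logical name SESSION_LOGS and the procedure names are assumptions, and here the user types the inner username at the SET HOST login prompt.

```dcl
$! ---- OUTER_LOGIN.COM: LGICMD of the captive outer account ----
$! Assumptions: the account is named OUTER and carries the CAPTIVE and
$! DISCTLY flags; SESSION_LOGS is a logical name for a directory that only
$! this account and the auditors can access.
$ SET NOON                        ! an error must not leave the user at DCL
$ SET NOCONTROL=(Y,T)
$ user = F$EDIT(F$GETJPI("","USERNAME"),"TRIM")
$ stamp = F$CVTIME(,,"DATE") + "_" + F$CVTIME(,,"HOUR") + -
          F$CVTIME(,,"MINUTE") + F$CVTIME(,,"SECOND")
$ logfile = "SESSION_LOGS:" + user + "_" + stamp + ".LOG"
$ WRITE SYS$OUTPUT "NOTICE: everything typed and displayed in this session is recorded."
$ DEFINE/USER SYS$INPUT SYS$COMMAND   ! SET HOST must talk to the terminal
$ SET HOST 0 /LOG='logfile'
$ LOGOUT                          ! inner session ended or aborted: leave too
$!
$! ---- INNER_CHECK.COM: called from the LGICMD of each inner account ----
$! Refuses any interactive login that did not arrive over SET HOST from OUTER.
$ IF F$MODE() .NES. "INTERACTIVE" THEN EXIT
$ SET NOCONTROL=Y
$ dev = F$GETDVI("TT:","DEVNAM")
$ is_rta = F$LOCATE("RTA",dev) .LT. F$LENGTH(dev)   ! remote (SET HOST) terminal
$ origin = F$GETDVI("TT:","TT_ACCPORNAM")   ! expected form: NODE::USERNAME
$ sep = F$LOCATE("::",origin)
$ from_user = F$EDIT(F$EXTRACT(sep+2,F$LENGTH(origin),origin),"TRIM,UPCASE")
$ IF is_rta .AND. (from_user .EQS. "OUTER") THEN GOTO origin_ok
$ WRITE SYS$OUTPUT "Direct logins to this account are not permitted."
$ LOGOUT
$origin_ok:
$ SET CONTROL=Y
$ EXIT
```

Where more than one DECnet node can reach the inner system, also compare the node part of the port name (the text before "::") against the logging node.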
Thomas Ritter
Respected Contributor

Re: Log of dial-up session - keystroke logging?

Following on from John, ALF creates the outer account and you use your user id and password for the inner account. If your modems are connected to Terminal servers, then by all means try ALF.
Volker Halle
Honored Contributor

Re: Log of dial-up session - keystroke logging?

re: John,

$ set ho 0/log inner
%DCL-W-MAXPARM, too many parameters - reenter command with fewer parameters
\INNER\

Does this involve any undocumented feature ?

Volker.
Jon Evans_1
Occasional Visitor

Re: Log of dial-up session - keystroke logging?

Thanks everyone for the suggestions.

Not really wanting to pay for any software for this solution so the RAXCO product is out, but it would do what I want. Thanks.

Terminal server/ALF solution not really suitable for this - we only have a thinwire 10mb DS90TL and I don't want to open the whole full modem-control supported DECserver argument........

I'm following up the LOGGER program and my original idea.

Thanks again.

Jon