HPE Community
Operating System - HP-UX
1828621 Members
6360 Online
109983 Solutions
New Discussion

Re: command log accesibility

 
pawan agrawal
New Member

‎03-24-2010 09:27 PM

‎03-24-2010 09:27 PM

command log accesibility

Hi

i am using hp-ux 11iv2

i need to have log of all the commands executed on the system for last 48 hrs. along with the userid & time stamp on regular basis. please help me
0 Kudos
Reply
9 REPLIES 9
Turgay Cavdar
Honored Contributor

‎03-24-2010 09:49 PM

‎03-24-2010 09:49 PM

Re: command log accesibility

If you want to see "log of all the commands", then auditing must be enabled on your system with the required system calls.If auditing enabled on your system, you can use "audisp" command to see the audir file.

# /usr/bin/audisp /your_audit_file
0 Kudos
Reply
pawan agrawal
New Member

‎03-24-2010 10:32 PM

‎03-24-2010 10:32 PM

Re: command log accesibility

how can i check auditing is enable or not, in my system there is no /usr/bin/audisp directory.
0 Kudos
Reply
Turgay Cavdar
Honored Contributor

‎03-24-2010 10:39 PM

‎03-24-2010 10:39 PM

Re: command log accesibility

Hi,
Type :
# audsys

You should see "auditing system is currently on"...
0 Kudos
Reply
Turgay Cavdar
Honored Contributor

‎03-24-2010 10:41 PM

‎03-24-2010 10:41 PM

Re: command log accesibility

The command audisp may be in /usr/sbin directory...
0 Kudos
Reply
Johnson Punniyalingam
Honored Contributor

‎03-24-2010 10:47 PM

‎03-24-2010 10:47 PM

Re: command log accesibility

>>>>how can i check auditing is enable or not, in my system there is no /usr/bin/audisp directory.<<<<

# audsys
warning: /.secure/etc/audnames does not exist
auditing system is currently off
current file: ** unknown **
next file: ** unknown **
statistics- afs Kb used Kb avail % fs Kb used Kb avail %
current file: ** no data available **
next file: ** no data available **

# ls -l /usr/sbin/*aud*
-r-xr-xr-x 1 bin bin 45056 Aug 26 2004 /usr/sbin/audevent
-r-xr-xr-x 1 bin bin 86016 Jan 30 2006 /usr/sbin/audisp
-r-xr-xr-x 1 bin bin 40960 Sep 3 2003 /usr/sbin/audomon
-r-xr-xr-x 1 bin bin 53248 Aug 26 2004 /usr/sbin/audsys
-r-xr-xr-x 1 bin bin 32768 Aug 26 2004 /usr/sbin/audusr

# uname -a
HP-UX B.11.23 U 9000/800 100901507 unlimited-user license
Problems are common to all, but attitude makes the difference
0 Kudos
Reply
pawan agrawal
New Member

‎03-24-2010 11:03 PM

‎03-24-2010 11:03 PM

Re: command log accesibility

auditing is currently off
o/p of root@cmd1#ll /usr/sbin/*aud* is
-r-xr-xr-x 1 bin bin 55524 Aug 27 2004 /usr/sbin/audevent
-r-xr-xr-x 1 bin bin 149076 Jan 31 2006 /usr/sbin/audisp
-r-xr-xr-x 1 bin bin 39492 Sep 3 2003 /usr/sbin/audomon
-r-xr-xr-x 1 bin bin 67932 Aug 27 2004 /usr/sbin/audsys
-r-xr-xr-x 1 bin bin 36892 Aug 27 2004 /usr/sbin/audusr


is there any method by which log of all command executed on system with userid & time for past 48 hour will automatically save in a file
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎03-24-2010 11:35 PM

‎03-24-2010 11:35 PM

Re: command log accesibility

>Is there any method by which log of all command executed on system with userid & time

Other than auditing, there may be commercial products that do this.
0 Kudos
Reply
pawan agrawal
New Member

‎03-24-2010 11:38 PM

‎03-24-2010 11:38 PM

Re: command log accesibility

Hi

can you please provide me detail of any such product.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.