HPE Community
Operating System - HP-UX
1838469 Members
2977 Online
110126 Solutions
New Discussion

How to check user activity?

 
Luca Frigatti
Contributor

‎11-19-2001 07:42 AM

‎11-19-2001 07:42 AM

How to check user activity?

Hi all!
I have a little problem on HP-UX.
I must check the user activity.
Is there a file (or a command) that I can control to understand the operation that the users do on my HP-UX server?

Thanks in advance for your help and your support.

Best regards,

Luca
0 Kudos
Reply
11 REPLIES 11
A. Clay Stephenson
Acclaimed Contributor

‎11-19-2001 07:44 AM

‎11-19-2001 07:44 AM

Re: How to check user activity?

Well, the very first one is ps -ef. Next, try top. Next try whodo (if enabled).
If it ain't broke, I can fix that.
0 Kudos
Reply
harry d brown jr
Honored Contributor

‎11-19-2001 07:45 AM

‎11-19-2001 07:45 AM

Re: How to check user activity?

What kind of activity? At the shell levels? You could monitor their shell history files. Your best bet is to keep users OUT of shells and give them menu driven access to commands.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Craig Rants
Honored Contributor

‎11-19-2001 07:46 AM

‎11-19-2001 07:46 AM

Re: How to check user activity?

Look at their shell history. The .sh_history file in their home directory should contain their activity. This depends on their shell however.

Good Luck,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎11-19-2001 07:47 AM

‎11-19-2001 07:47 AM

Re: How to check user activity?

Hi:

Use:

# last

...for historical reporting

# who -u

...for currently logged-on account information

See the man pages for 'last'. If /var/adm/wtmp does not exist, touching this file will enable the recording of the "last" user login information. Unsuccesful logins are correspondingly captured in /var/adm/btmp if that file is present, and queried with 'lastb'.

Both files will grow without bounds and can be nulled with:

cat /dev/null > /var/adm/wtmp
cat /dev/null > /var/adm/btmp

Regards!

...JRF...
0 Kudos
Reply
Sanjay_6
Honored Contributor

‎11-19-2001 08:00 AM

‎11-19-2001 08:00 AM

Re: How to check user activity?

Hi Luca,

Take a look at the thread below,

http://us-support.external.hp.com/cki/bin/doc.pl/sid=c8e3e5bd0a556ac3bb/screen=ckiDisplayDocument?docId=200000057441905

Hope this helps.

Regds
0 Kudos
Reply
Marco Paganini
Respected Contributor

‎11-19-2001 08:05 AM

‎11-19-2001 08:05 AM

Re: How to check user activity?

Hello

One way is to add 'script' to your /etc/profile for the users you want to monitor. Like this:

USERNAME=`who am i | awk "{ print $1 }"
date >>$path_to_logfile/script.$USERNAME
exec script -a /path_to_logfile/script.$USERNAME


This will create a file named "script.your_user_name" in the directory you specify with everything typed by your users (and also the screens they saw). Remember to clean this file from time to time, since it can grow really fast. Also, notice your users can (by default) delete this file. You have to take measures to avoid it (if that's the case).

Regards,
Paga
Keeping alive, until I die.
0 Kudos
Reply
Marco Paganini
Respected Contributor

‎11-19-2001 08:07 AM

‎11-19-2001 08:07 AM

Re: How to check user activity?

Oops!

:)

On my answer above, please fix this line:

USERNAME=`who am i | awk "{ print $1 }"`

Notice the closing backtick operator! :)

Regards
Paga
Keeping alive, until I die.
0 Kudos
Reply
Santosh Nair_1
Honored Contributor

‎11-19-2001 08:10 AM

‎11-19-2001 08:10 AM

Re: How to check user activity?

One way would be to monitor the user's history file. But since the user has write permissions to this file, conceivably the user could edit the file. Another way would be to turn on system accounting. The down side to this solution is that there is a performance penalty when you turn this on (somewhere around 20% from what I remember).

-Santosh
Life is what's happening while you're busy making other plans
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎11-19-2001 08:12 AM

‎11-19-2001 08:12 AM

Re: How to check user activity?

Hi,

One other tool which you will find useful would be lsof, which would allow you to in particular:

1) identify the currently opened files of a user's processes

2) identify the current network connections of a user's processes

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
Roger Baptiste
Honored Contributor

‎11-19-2001 08:12 AM

‎11-19-2001 08:12 AM

Re: How to check user activity?

hi,

Easiest way is to set HISTORY for their accounts. Go into $HOME/.profile of each
user and set
HISTFILE=$HOME/.sh_history
HISTSIZE=1024 (default size in Kb)

Then, whenever you want you can peer at this file to see the commands they executed.But remember it can be deleted by the user itself! ;-)

To know what a user is running at any time:
do ps -ef |grep userid

HTH
raj
Take it easy.
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

‎11-19-2001 08:40 AM

‎11-19-2001 08:40 AM

Re: How to check user activity?

Hi,

In addition, if you want to monitor system calls and operations, you will need to convert HP-UX to trusted mode and enable auditing for this particular user.

Hope this helps. Regards.

Steven Sim Kok Leong
Brainbench MVP for Unix Admin
http://www.brainbench.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.