- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Tracing a user login
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:05 PM
01-18-2005 09:05 PM
Tracing a user login
I am trying to trace the activities of a user on my servers. I can see him logging on to one server at x time from y IP on to z pts.....he then rlogins across to another server but obviuosly gets allocated a different pts......how can I exactly trace his movement from pts z on server a to pts 4 on server 6?
I've used last -R but it doesn't give me what I need, syslog isn't too helpful either, anywhere else I can look?
Thanks Barbara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:18 PM
01-18-2005 09:18 PM
Re: Tracing a user login
With this you can log all that appears on his screen to a file. But keep in mind that the log file grows rapidly.
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:19 PM
01-18-2005 09:19 PM
Re: Tracing a user login
I don't really understand what you mean. I am trying to trace something that happened already not monitor his future actions......
Cheers Barbara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:32 PM
01-18-2005 09:32 PM
Re: Tracing a user login
If you have auditing enabled for that user, you can check audisp, audevent. If auditing is not enabled, then you can only check for failed logins, his command history (it it was set). The command history file is .sh_history in user's home directory.
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:37 PM
01-18-2005 09:37 PM
Re: Tracing a user login
I am trying to trace what was on his terminal. I am trying to trace just his movement from one server to another.
He started on tty pts/0 on server a and then "rlogined" to server b and was allocated tty pts/a. I need to be able to prove absolutely that it was the same person on both servers and if I can link his pts/a to pts/0 then I have proof. Unforunately he uses a shared account.
Cheers Barbara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 09:37 PM
01-18-2005 09:37 PM
Re: Tracing a user login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 10:42 PM
01-18-2005 10:42 PM
Re: Tracing a user login
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2005 10:47 PM
01-18-2005 10:47 PM
Re: Tracing a user login
I've done all that but those files don't give me exactly what I am looking for. They provide the originating server name but not the tty.
Thanks Barbara
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2005 08:40 PM
01-19-2005 08:40 PM
Re: Tracing a user login
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2005 08:43 PM
01-19-2005 08:43 PM
Re: Tracing a user login
Put this line in the shared user's .profile
HISTFILE=.hist$$;
Then do a "who -u" to get his PID, and "tail -f .hist${PID}"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2005 08:53 PM
01-19-2005 08:53 PM
Re: Tracing a user login
I think you have a problem 'proving' the tty side, especially with a shared account!
You will be able to prove the ipaddress on the second server, but it will only show server one.
Partial proof may be the timestamp?
The rlogin to the second server would be logged in the .sh_history file on the first server.
You may get some more info from the 'last' command on the second server.
Regards