In Unix based systems, is there a log file that stores user's executed command(s)?
Viewed 3,453 times
4

Gilles 'SO- stop being evil'
- 829,060

Navid Farhadi
- 411
- Are you asking on a per user basis or system-wide logging of user commands? – Arcege Feb 26 '12 at 17:14
- I want all users' commands logged; I have root access to the system. – Navid Farhadi Feb 26 '12 at 17:16
- See also "Log every invocation of every SUID program?" and "Is there a log of past threads that are now closed?" You may get better answers if you say what you're after: accounting CPU time? Watching for intrusion attempts? Analyzing a break-in post mortem? … – Gilles 'SO- stop being evil' Feb 26 '12 at 23:40
1 Answer
3
Given that you want to track all user commands, you should look at the acct package on your system (on some systems this is also called "process accounting" or psacct). Then after it's been turned on, you can run the lastcomm command to show what programs have been run, by whom, when and for how long. From Google, search "linux acct" for more details.
http://beginlinux.com/blog/2010/01/monitoring-user-activity-with-psacct-or-acct/
http://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html

Arcege
- 22,536
- Note that process accounting only logs the command name, which can be forged easily (copy or symlink the executable to the name of your choice). – Gilles 'SO- stop being evil' Feb 26 '12 at 23:37
- And only logging the command name without its arguments is kind of useless. – fduff Jun 04 '14 at 08:55
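The limits raised in the comments follow from the record format itself. As an added example (not part of the original answer or of the acct tools), this parses the Linux struct acct_v3 layout that lastcomm reads and shows that a record holds a 16-byte command name and no path or arguments. Assumptions: a little-endian host, and sample records that are constructed here rather than captured from a real system.

```python
import struct
from collections import namedtuple

# struct acct_v3 from <linux/acct.h>: 64 bytes per exited process.
# Assumption: little-endian host; the kernel writes in native byte order.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
FLAGS = {0x01: "AFORK", 0x02: "ASU", 0x08: "ACORE", 0x10: "AXSIG"}
Record = namedtuple("Record", "comm uid pid ppid btime etime utime flags")

def comp_t(value):
    """Decode comp_t: 13-bit mantissa with a 3-bit base-8 exponent."""
    return (value & 0x1FFF) << (3 * (value >> 13))

def parse(data):
    """Yield a Record per complete 64-byte entry; a truncated tail is ignored."""
    for off in range(0, len(data) - ACCT_V3.size + 1, ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        if f[1] != 3:  # ac_version
            raise ValueError(f"unsupported acct version {f[1]} at offset {off}")
        # ac_comm is the only trace of *what* ran: a NUL-padded 16-byte name,
        # with no path, no arguments and no hash of the executable.
        comm = f[18].split(b"\0", 1)[0].decode("ascii", "replace")
        flags = [name for bit, name in FLAGS.items() if f[0] & bit]
        yield Record(comm, f[4], f[6], f[7], f[8], f[9], comp_t(f[10]), flags)

def make(comm, uid, pid, ppid, flag=0, utime=5):
    """Build one constructed record (test data, not a real capture)."""
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, ppid,
                        1330276440, 1.0, utime, 0, 0, 0, 0, 0, 0, 0, comm)

# Constructed sample: pid 4101 is the real ls; pid 4102 is a different
# binary that had been copied to a file named "ls"; pid 4103 ran as root.
SAMPLE = (make(b"ls", 1000, 4101, 4000)
          + make(b"ls", 1000, 4102, 4000)
          + make(b"rm", 0, 4103, 4001, flag=0x02, utime=0x2001)
          + b"\x00" * 10)  # trailing partial record

if __name__ == "__main__":
    for rec in parse(SAMPLE):
        print(rec)
```

The first two records differ only in pid, so the accounting file alone cannot tell the genuine program from the renamed one.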