Date: Wed, 30 May 2007 19:36:14 +1000
From: Norberto Meijome
To: "grace Ingabire"
Cc: questions@FreeBSD.org
Subject: Re: syslog to monitor devices
Message-ID: <20070530193614.5a6d86b7@localhost>
References: <20070530161437.1eedd9cc@localhost>

On Wed, 30 May 2007 10:22:09 +0200
"grace Ingabire" wrote:

> Thanks for your quick reply.

np

> Yes, I have seen that file in etc/syslog.conf.
> I want to monitor some of my devices, to know exactly who has logged in, who is
> doing what on my system...

It depends a lot on what the server is used for. Is it a file server, a web
server? Do you offer shell accounts? FTP? Email (SMTP / POP3 / IMAP / Webmail)?
Your own web-based service? CVS? SVN? etc, etc, etc - they all provide for
"user logging in".

And you may also have access to your server from other parties without the need
for them to log in - you may have to monitor those too.

- you can install the Audit framework, and MAC control if you feel it's
  necessary (check the handbook for LOTS of info):
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/

- you can google for "Monitoring users activity freebsd" and you'll see several
  resources on different things relating to this.

- Each different service provides you (well, they should and they usually do)
  with login information - maybe not by default - you may have to enable
  logging and increase the verbosity.

> Can you advise me a script or any tool to examine the log files as I want to
> consider this machine as a server?

The command 'last' will show you logins (man last):

[betom@ayiin] [Wed May 30 19:29:04 2007] ~
$ last
reboot    ~                Wed May 30 14:14
betom     ttyp0    :0.0    Wed May 30 14:14 - crash    (00:00)
betom     ttyp0    :0.0    Wed May 30 14:14 - 14:14    (00:00)
betom     :0               Wed May 30 14:13 - crash    (00:00)
shutdown  ~                Wed May 30 14:12
betom     ttyp3    :0.0    Wed May 30 09:44 - 13:08    (03:23)
betom     ttyp3    :0.0    Wed May 30 09:44 - 09:44    (00:00)
betom     ttyp0    :0.0    Wed May 30 09:36 - shutdown (04:35)
betom     ttyp0    :0.0    Wed May 30 09:36 - 09:36    (00:00)

(Yes, there is no specific *answer* in this email, because the ground to cover
is too vast (unless you want to hire me :D). The more specific the question,
the more accurate the answer... so, start by asking, what *specific* problem
are you trying to solve? :)

B
_________________________
{Beto|Norberto|Numard} Meijome

"Religion is what the common people see as true, the wise see as false, and the
rulers see as useful."
   Seneca

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
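
An added example, not part of the original message: a small sh/awk filter that turns `last` output like the listing quoted above into a per-user summary (session count, total minutes, sessions ended by a crash or shutdown instead of a logout). The function names and the two `alice` sample lines are assumptions made for this example.

```sh
# Summarise `last` output from stdin: user sessions=N minutes=N forced_end=N
summarize_last() {
    awk '
    # Blank lines and the trailing "wtmp begins ..." line carry no session.
    NF == 0 || $2 == "begins" { next }
    # reboot/shutdown are pseudo-users written by the system itself.
    $1 == "reboot" || $1 == "shutdown" { next }
    {
        user = $1
        sessions[user]++
        # Parse from the right: the host column may be empty (console
        # login on :0), so field positions from the left are unreliable.
        dur = $NF
        if (dur !~ /^\([0-9+:]+\)$/) next      # "still logged in"
        gsub(/[()]/, "", dur)
        days = 0
        if (index(dur, "+")) {                 # "(1+03:23)" = 1 day 3h23m
            split(dur, d, "+"); days = d[1]; dur = d[2]
        }
        split(dur, hm, ":")
        minutes[user] += days * 1440 + hm[1] * 60 + hm[2]
        # Sessions closed by a crash or shutdown rather than a logout.
        how = $(NF - 1)
        if (how == "crash" || how == "shutdown") forced[user]++
    }
    END {
        for (u in sessions)
            printf "%s sessions=%d minutes=%d forced_end=%d\n", u, sessions[u], minutes[u], forced[u]
    }' | sort
}

# Sample input: betom/reboot/shutdown lines are from the message; alice is constructed.
sample_last_output() {
    cat <<'EOF'
reboot    ~                Wed May 30 14:14
betom     ttyp0    :0.0    Wed May 30 14:14 - crash    (00:00)
betom     ttyp0    :0.0    Wed May 30 14:14 - 14:14    (00:00)
betom     :0               Wed May 30 14:13 - crash    (00:00)
shutdown  ~                Wed May 30 14:12
betom     ttyp3    :0.0    Wed May 30 09:44 - 13:08    (03:23)
betom     ttyp3    :0.0    Wed May 30 09:44 - 09:44    (00:00)
betom     ttyp0    :0.0    Wed May 30 09:36 - shutdown (04:35)
betom     ttyp0    :0.0    Wed May 30 09:36 - 09:36    (00:00)
alice     ttyp1    192.0.2.10  Tue May 29 08:00 - 09:30 (1+01:30)
alice     ttyp2    192.0.2.10  Wed May 30 19:00   still logged in
EOF
}

sample_last_output | summarize_last
```

On a live system, feed it real data with `last | summarize_last`.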