From owner-freebsd-questions Tue Dec 29 11:03:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA00513 for freebsd-questions-outgoing; Tue, 29 Dec 1998 11:03:59 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from hqinbh1.ms.com (hqinbh1.ms.com [205.228.12.71]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA00508 for ; Tue, 29 Dec 1998 11:03:58 -0800 (PST) (envelope-from schmidtw@ms.com) Received: (from uucp@localhost) by hqinbh1.ms.com (8.8.6/fw v1.30) id OAA26202; Tue, 29 Dec 1998 14:03:28 -0500 (EST) Received: from unknown(144.14.19.186) by hqinbh1.ms.com via smap (4.1) id xma026169; Tue, 29 Dec 98 14:03:03 -0500 Received: from ms.com (saitpc997.morgan.com [144.14.42.143]) by sasmh1.ms.com (8.8.5/hub+ldap v2.2) with ESMTP id OAA09889; Tue, 29 Dec 1998 14:03:03 -0500 (EST) Message-ID: <36892767.44CAD802@ms.com> Date: Tue, 29 Dec 1998 14:03:04 -0500 From: Wayne Schmidt Reply-To: schmidtw@ms.com Organization: Morgan Stanley Dean Witter & Co. X-Mailer: Mozilla 4.06 [en] (WinNT; I) MIME-Version: 1.0 To: Jerry Raynor CC: questions@FreeBSD.ORG Subject: Re: tracking users (telnet/FTP) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG what about supply some logics around lsof? that's the type of audit trail you seem to be asking for, and with that tool, you can marry it to a variety of triggers you yourself could configure. I hope that this helps. --wayne - Jerry Raynor wrote: > tail the logs?? > > I know all about last, who, the logs etc.. I was wonder if there was a > way you can actaully track the user through the system, the command they > issue, recreate the connection etc.. (hours later if need be) I obviously > can't be up 24hrs a day! :) and if I could my gf would be pissed, sleep > is the only reason I come away from the machine. > > Thanks! > > On Tue, 29 Dec 1998, Paul wrote: > > > You could "tail" the logs..... > > > > At 08:28 PM 12/28/98 +0000, Robert wrote: > > >Try the "last" command. > > > > > >Also, logs are in /var/log/ > > > > > >-rob > > >( www.namodn.com ) > > >( robert@namodn.com ) > > > > > >On Mon, 28 Dec 1998, Jerry Raynor wrote: > > > > > >> How can you or where can I get info on track users who telnet or FTP in. > > >> Commands etc... > > >> > > >> Thanks > > > > Best regards, > > Paul Jacobs > > Commerce Service Provider (CSP) > > Internet Presence Provider (IPP) > > http://www.netpacq.com > > mailto:paul@netpacq.com > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message