racy
asked on
How can I log user action?
I am running Solaris 2.5.1 and would like to log all user action. For example, I would like to know what commands users have done, files changed by them, etc - even where they have been, if possible. Can this be done?
Thanks,
racy
Thanks,
racy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi
Under Solaris accounting is off by default on a new system.
To start accounting at boot you need to create an entry in /etc/rc2.d or /etc/rc3.d by linking the file /etc/init.d/acct to /etc/rc2.d/S22acct.
This file executes the command /bin/su - adm -c /usr/lib/acct/startup
Create a shutdown entry by linking the same file to /etc/rc0.d/K22.acct.
This file executes the command /usr/lib/acct/shutacct.
You will then need to set up various crons for the various accounting utilities and to control the accounting file sizes. (Beware these can become quite large, there is also a small overhead on system performance when using accounting).
You really need to read up a bit on accounting before continuing, the answerbooks are probably a good place to start.
Under Solaris accounting is off by default on a new system.
To start accounting at boot you need to create an entry in /etc/rc2.d or /etc/rc3.d by linking the file /etc/init.d/acct to /etc/rc2.d/S22acct.
This file executes the command /bin/su - adm -c /usr/lib/acct/startup
Create a shutdown entry by linking the same file to /etc/rc0.d/K22.acct.
This file executes the command /usr/lib/acct/shutacct.
You will then need to set up various crons for the various accounting utilities and to control the accounting file sizes. (Beware these can become quite large, there is also a small overhead on system performance when using accounting).
You really need to read up a bit on accounting before continuing, the answerbooks are probably a good place to start.
ASKER
Thanks again..perfect explanation. Just one more question, and I'll leave you alone. Where can I get these 'answerbooks'? Solaris seems to have a lack of published books.
Hi
Answerbooks are electronic books supplied with Solaris.
You should find a pack of CDs which came with Solaris and one of these should contain the answerbooks. The one you will be most interested in is the System Administration answerbook. Once installed answerbooks are launched from the Programs menu in openwindows, this launches a gui which lists all installed answerbooks and has search facilities etc.
Get back to me anytime, or email me snorman@pavilion.co.uk
Answerbooks are electronic books supplied with Solaris.
You should find a pack of CDs which came with Solaris and one of these should contain the answerbooks. The one you will be most interested in is the System Administration answerbook. Once installed answerbooks are launched from the Programs menu in openwindows, this launches a gui which lists all installed answerbooks and has search facilities etc.
Get back to me anytime, or email me snorman@pavilion.co.uk
ASKER