legolasthehansy
asked on
Process accounting
Hi Experts,
Has anyone configured the psacct package on workstations and sent them to a remote syslog server? Here is the scenario:
We have a Red Hat development farm and we need to monitor user activity and processes, log them and send them to a remote syslog server, and trigger alerts if suspicious activity is seen. I have come across the pacct tool but might need to work further on triggers, which we can do at a later stage, but before that I need to see if data generated using pacct (namely wtmp, btmp, lastlog etc.) can be sent to a remote server.
Let me know.
Thanks,
lego
ASKER
Data collected by psacct cannot be sent to a remote syslog server. One thing which can be done is to dump the output of psacct utilities periodically (using a cron) to an NFS share and then use a utility to read them off the NFS server.
I'm closing this case. Thanks arnold for your suggestion.
ASKER
Thanks for your helpful suggestion.
ASKER
vi /etc/syslog.conf
*.* @ip_address
service syslog restart
I guess the above is not enough and is independent of the psacct tools.
Regards,
lego
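
A variant of the periodic-dump idea from this thread, as an added example that is not part of the original posts: it turns the text output of `lastcomm` into one-line records that a cron job could hand to `logger`, so that a forwarding rule like the `*.* @ip_address` line above carries them off the workstation. The column layout, the `format_lastcomm` and `sample_records` names, the `psacct:` prefix and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed lastcomm column layout:
#   command [flags] user tty cpu-time "secs" start-time
# The flags column is empty for most processes, so fields are located
# relative to the literal "secs" column instead of by fixed position.

format_lastcomm() {
    awk '
    {
        s = 0
        for (i = 1; i <= NF; i++) if ($i == "secs") { s = i; break }
        if (s == 5)      { flags = "-"; user = $2; tty = $3 }   # no flags column
        else if (s == 6) { flags = $2;  user = $3; tty = $4 }   # flags present
        else             { next }       # unexpected layout: drop the line
        start = ""
        for (i = s + 1; i <= NF; i++) start = start (i > s + 1 ? " " : "") $i
        printf "psacct: user=%s tty=%s cmd=%s flags=%s cpu=%s start=\"%s\"\n",
               user, tty, $1, flags, $(s - 1), start
    }'
}

# Constructed sample input in the assumed layout (not real accounting data).
SAMPLE='ls                     alice    pts/0      0.00 secs Mon Mar  4 10:15
sshd              SF   root     __         0.01 secs Mon Mar  4 10:14
garbage line without the expected columns'

sample_records() {
    printf '%s\n' "$SAMPLE" | format_lastcomm
}

# Offline demonstration on the constructed sample.
sample_records

# On a host with process accounting enabled, the same function would sit in
# a pipeline such as:
#   lastcomm | format_lastcomm | logger -t psacct -p authpriv.info
```

Each `lastcomm` run reads the whole accounting file, so a scheduled job has to rotate that file between runs or track what it has already sent to avoid duplicate records.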