I want to get several logs from my server, but not the general logs such as syslog, which give me a lot of random entries. I want to know how I can get logs of things like logins (with time, IP and username), the commands a user ran, the processes that were running at that time, and the like.
For logins: look at the "last" command.
For what commands they ran: look at the "lastcomm" command. Additionally, any privileged command run with "sudo" will be in the system logs.
To log commands run by people, you need to enable Linux Process Accounting. This should be in a package named "acct" (on Debian; probably something similar on Red Hat-based distributions), and it comes in two pieces. The first is "accton", a command run at boot that tells the kernel to log everything that runs (your package should set this up for you). The other part is a collection of utilities that read the log file and print useful information from it. On Debian this includes:
- dump-acct, which decodes the binary log file and dumps the data as text
- sa, which does more-or-less the same but focuses on extracting programs run
- lastcomm, which dumps the log for a specific terminal, user, or command
and a few others for figuring out how long people were connected. You'll need to decide what exactly you want to get from the logs, since a lot of stuff is recorded, but this site has some examples of things you can do.
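The binary file that dump-acct and lastcomm read can also be decoded directly. As an added example (not part of the answer above, and not the acct package's own code), here is a minimal Python decoder for struct acct_v3 records that lists the commands which ran with superuser privileges; the struct layout follows linux/acct.h, while little-endian byte order, 100 clock ticks per second and the sample records are assumptions/constructed data.

```python
"""Decode Linux process-accounting records (struct acct_v3, written once `accton` is on).
Added example, not the acct package's code: assumes linux/acct.h v3 layout, little-endian, 100 ticks/s."""
import struct

ACCT_V3 = struct.Struct("<BBHIIIIIIfHHHHHHHH16s")  # one 64-byte record (assumed layout)
CLK_TCK = 100  # ticks per second for ac_utime/ac_stime (assumption)
# ac_flag bits: AFORK, ASU (used superuser privileges), ACOMPAT, ACORE, AXSIG
FLAGS = {0x01: "fork", 0x02: "su", 0x04: "compat", 0x08: "core", 0x10: "xsig"}

def decode_comp_t(c):
    """comp_t: 13-bit mantissa shifted left by 3 * (3-bit exponent)."""
    return (c & 0x1FFF) << (3 * (c >> 13))

def encode_comp_t(v):
    """Inverse of decode_comp_t, used only to build the constructed sample below."""
    exp = 0
    while v > 0x1FFF:
        v, exp = v >> 3, exp + 1
    return (exp << 13) | v

def parse_records(data):
    """Yield one dict per complete record; a trailing partial record is ignored."""
    for off in range(0, len(data) - ACCT_V3.size + 1, ACCT_V3.size):
        f = ACCT_V3.unpack_from(data, off)
        flag, exitcode, uid, pid, ppid, btime, utime, stime = (
            f[0], f[3], f[4], f[6], f[7], f[8], f[10], f[11])
        comm = f[18].split(b"\0", 1)[0].decode("ascii", "replace")
        yield {"comm": comm, "uid": uid, "pid": pid, "ppid": ppid, "btime": btime,
               "exit": exitcode, "flags": [n for b, n in FLAGS.items() if flag & b],
               "cpu_s": (decode_comp_t(utime) + decode_comp_t(stime)) / CLK_TCK}

def superuser_commands(data):
    """(comm, uid, btime) of every record with ASU set, i.e. the commands that
    actually ran with superuser privileges, setuid binaries included."""
    return [(r["comm"], r["uid"], r["btime"])
            for r in parse_records(data) if "su" in r["flags"]]

def make_record(comm, uid, pid, ppid, flag, btime, utime, stime):
    """Build one constructed acct_v3 record (test data, not real accounting output)."""
    return ACCT_V3.pack(flag, 3, 0, 0, uid, 0, pid, ppid, btime, 1.0,
                        encode_comp_t(utime), encode_comp_t(stime),
                        0, 0, 0, 0, 0, 0, comm.encode())

# Constructed sample log: a user shell, a setuid `passwd` run by uid 1000, and
# `apt-get` run directly as root.  Only the last two carry the ASU flag.
SAMPLE_LOG = b"".join([
    make_record("bash", 1000, 4242, 4100, 0x01, 1700000000, 5, 3),
    make_record("passwd", 1000, 4300, 4242, 0x02, 1700000060, 2, 1),
    make_record("apt-get", 0, 4400, 4399, 0x02, 1700000120, 20000, 100),
])
```

On a real system, read /var/log/account/pacct (the Debian path used by the acct package) into `data` instead of SAMPLE_LOG; records whose uid is not 0 but carry the ASU flag are the setuid programs worth reviewing.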
What exactly are you trying to achieve? You might want to enable the bash history feature and turn on timestamps there. But that won't give you information about the processes running at a specific time.