Timeline for How do I add network or user source connection data to history entries?
Current License: CC BY-SA 3.0
18 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 20, 2013 at 4:04 | answer | added | Rahul Patil | timeline score: 1 | |
| Jan 21, 2013 at 2:32 | answer | added | Christopher | timeline score: 1 | |
| Sep 16, 2012 at 17:38 | history | edited | Gilles 'SO- stop being evil' | edited tags | |
| Apr 12, 2012 at 13:54 | history | notice removed | CommunityBot | ||
| Apr 12, 2012 at 13:54 | history | bounty ended | CommunityBot | ||
| Apr 9, 2012 at 15:16 | comment | added | llua | hm,since PROMPT_COMMAND= just runs normal commands before the next prompt, couldn't you write a function calling sed/awk that works on the last line of the history file to add in the information. then call that function in PROMPT_COMMAND= to append the data? it would be hackish but should do the job. | |
| Apr 9, 2012 at 14:25 | comment | added | 2bc | I suppose that instead of telling me to rethink it you might make a suggestion. If I did not think it was properly descriptive I would not have added it. I give an extremely descriptive explanation of what I want to see with examples, how much more detailed can I be. | |
| Apr 9, 2012 at 4:36 | comment | added | poige | Even the Subject line is unclear. I think you'd better rethink what you need and what you're asking. | |
| Apr 4, 2012 at 14:39 | history | tweeted | twitter.com/#!/StackUnix/status/187550034219384832 | ||
| Apr 4, 2012 at 12:36 | history | notice added | 2bc | Draw attention | |
| Apr 4, 2012 at 12:36 | history | bounty started | 2bc | ||
| Mar 27, 2012 at 22:33 | history | edited | 2bc | CC BY-SA 3.0 | added edit 2 |
| Mar 27, 2012 at 22:32 | comment | added | 2bc | It is on Linux, I will edit my question to make that clear. auditd is a lot like inotify you have to tell it what to monitor for changes. Individual files, directories, etc.. I don't want to go to that level of configuration. In fact (I do) but essentially don't care so much. I have puppet to handle that stuff. auditd comes with the additional load and time to setup as well. If an account is modifying something I still would like to look back in the history and see who or what is logging in and trying. | |
| Mar 27, 2012 at 21:49 | comment | added | Gilles 'SO- stop being evil' | If this is on Linux, consider using auditd. I'm not sure if its logs will give you enough information. The difficulty of what you want is precisely why shared accounts are so decried. | |
| Mar 27, 2012 at 17:16 | history | edited | 2bc | CC BY-SA 3.0 | added edit 1 |
| Mar 27, 2012 at 17:09 | comment | added | 2bc | @jw013 Thanks for the comment. However, that has to be configured and managed plus I given the information I have read I would be best off excluding directories like /proc /dev and users /home directories. This adds overhead. Whereas history is already being recorded and their connection information is known to the system connecting IP etc... This information if not already available "statically" could be set that way or stored in a variable or file and input to the history records and the performance hit would be very small or 0. | |
| Mar 27, 2012 at 15:36 | comment | added | jw013 | Sounds like process accounting may be useful. The shell history was never designed for logging, and if you do want to use it you have to trust all of your users. See related question on monitoring activity and a related answer. | |
| Mar 27, 2012 at 14:40 | history | asked | 2bc | CC BY-SA 3.0 |