On Tue, Jul 03, 2012 at 11:28:34AM +0200, Johan Ryberg wrote:
> Hi.
>
> I need to log all user activity and store the data on a logging facility.
>
> Accounting provides some information but not all.
>
> Is it possible to use syslog and transmit every command entered by the users?

Accounting doesn't show the arguments for a command name; also, a command is not recorded if it doesn't terminate... imagine reboot, see acct(2).

We use a "connect" server with a patched sshd where a ForceCommand is defined for each user. This defined command saves all text and forwards it to the real destination server, with kermit I think. So this solution is something like man-in-the-middle; its logging is needed because we log in to destination servers directly as root. It works but it's strange.

I was thinking of testing http://ttyrpld.sourceforge.net/desc.php

jirib
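
A minimal form of the ForceCommand approach described in the reply, using stock sshd and syslog. This is an added example, not the patched sshd or the command the poster's site uses; the path /usr/local/bin/log-session, the user alice, the tag session-log and the function names are assumptions. It records only the command line passed to ssh, not what is typed inside an interactive shell.

```sh
#!/bin/sh
# Added example: ForceCommand wrapper that sends one syslog record per SSH
# session, then runs what the user asked for. Hypothetical install path:
# /usr/local/bin/log-session, enabled in sshd_config with
#   Match User alice
#       ForceCommand /usr/local/bin/log-session

# format_record USER CLIENT_IP COMMAND
# Builds a single-line record. Every non-printable byte (newline, tab,
# escape sequences) becomes '?', so a crafted command cannot forge extra
# log lines or corrupt the terminal of whoever reads the log.
format_record() {
    _cmd=$(printf '%s' "$3" | LC_ALL=C tr -c '[:print:]' '?')
    printf 'user=%s client=%s cmd=%s' "$1" "$2" "$_cmd"
}

# describe_request: what the client asked sshd to run. sshd sets
# SSH_ORIGINAL_COMMAND only when a command was given on the ssh command line.
describe_request() {
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        printf '%s' "$SSH_ORIGINAL_COMMAND"
    else
        printf '%s' '<interactive shell>'
    fi
}

main() {
    # SSH_CONNECTION is "client_ip client_port server_ip server_port".
    client=${SSH_CONNECTION%% *}
    record=$(format_record "$(id -un)" "${client:-unknown}" "$(describe_request)")
    # authpriv.info and the tag "session-log" are choices made for this example.
    logger -p authpriv.info -t session-log -- "$record"

    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Run only when installed under the example name, so the functions above can
# be sourced and tested on their own.
case "${0##*/}" in
    log-session) main ;;
esac
```

The local syslog daemon still has to be configured to forward authpriv messages to the remote logging host for the records to leave the machine.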