[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: I can't create true log file.

On Wednesday 15 March 2006 04:29, Evren Kalayciklioglu wrote:
> What i want to do that: when a user changes a file or
> its contains the system make a log file containing
> when it be done, who did it, which user did it.

Depending on the kernel you are using, audit can do this for you. What you are 
trying to do is called adding a watch. The RHEL4 kernel can do this. We are 
currently working to get a patch upstream that will allow all kernels to do 

> Because i want user name but it give user id, 

They are one in the same. ausearch -i will interpret the numbers to names.

> i want file name but it give a number.

Huh?  The filename would be in a WATCH record or PATH record. It is sometimes 
encoded when a character is in the filename that is also used as a delimiter, 
but once again, ausearch will do the conversion.

> I  also want to add printing jobs in this log file the same conditions.

This would be difficult in the current utilities. One would need to patch cups 
for this...which is being done for our LSPP work. But it won't be available 
for a little while longer.

> On the other hand; i think i can't be successful for configuration and rules
> files.

The capp.rules file has examples. Look for the "-w" lines, but once again, 
only the RHEL4 U2 and higher kernels can do this.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]