  1. #21

    Ok, I found the solution, my error was exactly in the definition of category. The following /etc/named.conf allows me to log my queries in the terminal, in /var/log/named.log and in /var/log/messages (through rsyslogd) at the same time.

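    logging {
            // Send to syslog (facility daemon), which rsyslogd writes to /var/log/messages
            channel default_syslog {
                    syslog daemon;
                    severity info;
            };
            // Dedicated query log file, rotated: 3 versions of 20 MB each
            channel bindlog {
                    file "/var/log/named.log" versions 3 size 20m;
                    print-time yes;
                    print-category yes;
                    print-severity yes;
            };
            channel debug {
                    stderr;    // assumed: the destination line is missing from the post; stderr gives the terminal output described
                    print-time yes;
                    print-category yes;
                    print-severity yes;
            };
            // Route the queries category to all three channels
            category queries { debug; bindlog; default_syslog; };
    };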
    Thank you Irithori! I was lost without your help!

  2. #22
    Irithori
    Glad you figured it out.
    I was a bit busy myself, so I couldn't post.

    Have fun
    You must always face the curtain with a bow.

  3. #23
    I'd like to know if there is a way to log the calling of a command/application through rsyslogd (therefore within 'messages'), as we did before with DNS queries with bind.

    For example if I write in the shell:

    $ ping


    $ ls -l

    I'd like to see in messages a log as
    "user eferre: calling ping"
    or something similar....

    For my goals it's the same if this log can be generated by rsyslogd directly or by another application, passing the log to rsyslogd (like bind)

  5. #24
    Irithori
    There is the history command.

    And I think I saw a "logging shell" on freshmeat once.
    Will search as time allows.
    Question here would be: what would stop the user from changing to another, non-logging shell?
    You must always face the curtain with a bow.

  6. #25
    I'd like to be dependent on the shell the least possible. It means that it's better if I succeed in logging the process creation and not the calling. In other words I'd like to know which user starts a given process.

    If I insert
    in a bash script, I would like to see that ping was called anyway...

  7. #26
    I found out some useful information:

    psacct can do what I was looking for, through the command
    $ lastcomm
    I can monitor each process starting related to the user/group which performed the action.

    Now the problem is: I'd like that as soon as a new process starts, a log is directly sent to /var/log/messages... maybe I can do that with a script, using "logger" in it... I'll check it out... meanwhile simpler solutions are well accepted!

    Thank you!

  8. #27
    Ok, this is my script and it works fine (monitoring nslookup processes only)

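    #!/bin/bash
    # Poll psacct's lastcomm for new nslookup records and send one syslog line per run.
    if [ ! -e ./lastcomm_old.txt ]; then
    	touch ./lastcomm_old.txt
    fi
    while true; do
    	lastcomm nslookup > ./lastcomm_new.txt
    	old=$( wc -l ./lastcomm_old.txt )
    	new=$( wc -l ./lastcomm_new.txt )
    	n_old=${old%% *}
    	n_new=${new%% *}
    	let dif=n_new-n_old
    	if [ $dif -gt 0 ]; then
    		# lastcomm lists the newest records first, so the new ones are lines 1..dif
    		while [ ! $dif -eq 0 ]; do
    			# anchor on "N:" so that line 1 does not also match 10, 11, ...
    			command=$( grep -n nslookup ./lastcomm_new.txt | grep -E "^$dif:" )
    			temp=${command#*:nslookup }
    			temp=$( echo $temp )
    			# first remaining field is taken as the user (assumes an empty flags column)
    			user=${temp%% *}
    			user=$( echo $user )
    			logger "nslookup command executed by $user"
    			let dif=dif-1
    		done
    	fi
    	mv -f ./lastcomm_new.txt ./lastcomm_old.txt
    	sleep 2s
    done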
    As you can see it is active because I need to run "lastcomm nslookup" periodically to verify the presence of new nslookups... This is a little raw, but I think I don't have the knowledge to do better...
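
The polling approach from post #27, written with a column-aware parser so the reported user stays correct when lastcomm prints flag letters, and so a rotated accounting file does not stall the count. This is an added example, not code from the thread: the function names, the `proc-watch` tag, the assumed lastcomm column layout and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: report new process-accounting records to syslog.
# Assumed lastcomm columns: command, optional flags (S F C D X), user, tty, ...

# Constructed sample of `lastcomm nslookup` output (newest record first).
sample_snapshot() {
    cat <<'EOF'
nslookup               eferre   pts/0      0.01 secs Mon Mar  4 10:15
nslookup         S     root     pts/1      0.00 secs Mon Mar  4 10:12
nslookup               eferre   pts/0      0.00 secs Mon Mar  4 10:01
EOF
}

# Print the records in snapshot file $2 that are newer than the $1 already seen.
# lastcomm prints newest first, so new records are the first (total - prev) lines.
# If the total shrank, the accounting file was rotated: everything counts as new.
new_records() {
    prev=$1
    total=$(($(wc -l < "$2")))
    if [ "$total" -lt "$prev" ]; then prev=0; fi
    count=$((total - prev))
    if [ "$count" -gt 0 ]; then head -n "$count" "$2"; fi
}

# Turn lastcomm lines on stdin into one message per record.
format_records() {
    awk 'NF >= 3 {
        i = 2
        while (i < NF - 1 && $i ~ /^[SFCDX]+$/) i++   # skip flag letters
        printf "user %s ran %s on %s\n", $i, $1, $(i + 1)
    }'
}

# Poll loop, e.g. `watch_command nslookup` (needs psacct/acct and logger).
# The first pass reports every record already in the accounting file.
watch_command() {
    snap=$(mktemp) || return 1
    seen=0
    while true; do
        lastcomm "$1" > "$snap"
        new_records "$seen" "$snap" | format_records |
            while IFS= read -r msg; do logger -t proc-watch "$msg"; done
        seen=$(($(wc -l < "$snap")))
        sleep 2
    done
}
```

Polling accounting records only sees a process after it has exited, so a long-running command is logged late.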
