I've been trying to get an answer to tty logging for a long time without anyone able to answer. I want to log everything that is written to and from a certain tty. I expect this to be a kernel module. Anyone have any pointers where I can look?. Is there an existing module?
--
b0ef
On Wed, 2004-01-21 at 16:48, Esben Stien wrote:
> I've been trying to get an answer to tty logging
> for a long time without anyone able to answer.
> I want to log everything that is written to and
> from a certain tty.
You can just cat the device, like cat /dev/tty<number>. So you can also
use normal redirectors (> , >> etc) or use a pager.
Ludootje
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/CC/MU>TW d- s: a--->-->$ C++>$
UL++++ L+++>++++ M- w--(---) !O V(-)
P-- E--->+ W++ N+>++ o? PS++(+++)
PE-() Y+ PGP t- 5? X(+) R- tv+() b+
DI+(---) D- G e- h! r- y?
------END GEEK CODE BLOCK------
On Jan 21, 2004 17:48 +0100, Esben Stien wrote:
> I've been trying to get an answer to tty logging for a long time
> without anyone able to answer. I want to log everything that is written
> to and from a certain tty. I expect this to be a kernel module. Anyone
> have any pointers where I can look?. Is there an existing module?
This can be done relatively easily in userspace via "script" or "screen".
Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/
Andreas Dilger <[email protected]> writes:
> This can be done relatively easily in userspace via "script" or "screen".
Yes, though I want this for monitoring. I don't want to start neither script nor screen when a user logs into a tty. I just want to log everything written in a tty.
--
b0ef
Ludootje <[email protected]> writes:
> You can just cat the device, like cat /dev/tty<number>. So you can also
> use normal redirectors (> , >> etc) or use a pager.
If I do cat /dev/tty1 on /dev/tty2, I see what I write to /dev/tty1 on /dev/tty2, but I don't see what I write to /dev/tty1 while working in /dev/tty1 (all the input is being printed on /dev/tty2) . And besides, I only see the input I type, not the output of f.ex a command (on /dev/tty2). I want to monitor users and log everything that is done on a specific tty when they log in.
--
b0ef
On Wed, Jan 21, 2004 at 10:34:05PM +0100, Esben Stien wrote:
> Ludootje <[email protected]> writes:
>
> > You can just cat the device, like cat /dev/tty<number>. So you can also
> > use normal redirectors (> , >> etc) or use a pager.
>
> If I do cat /dev/tty1 on /dev/tty2, I see what I write to /dev/tty1 on /dev/tty2, but I don't see what I write to /dev/tty1 while working in /dev/tty1 (all the input is being printed on /dev/tty2) . And besides, I only see the input I type, not the output of f.ex a command (on /dev/tty2). I want to monitor users and log everything that is done on a specific tty when they log in.
This is in debian:
Package: ttysnoop
Priority: optional
Section: admin
Installed-Size: 56
Maintainer: Alberto Gonzalez Iniesta <[email protected]>
Architecture: i386
Version: 0.12c-8
Depends: libc6 (>= 2.3.2-1)
Filename: pool/main/t/ttysnoop/ttysnoop_0.12c-8_i386.deb
Size: 15126
MD5sum: 462a28b83327bd2ae987791528e9e095
Description: TTY Snoop - allows you to spy on telnet+serial connections
TTYSnoop allows you to snoop on login tty's through another tty-device or
pseudo-tty. The snoop-tty becomes a 'clone' of the original tty,
redirecting both input and output from/to it.
Good afternoom, Esben,
On 21 Jan 2004, Esben Stien wrote:
> I've been trying to get an answer to tty logging for a long time without
> anyone able to answer. I want to log everything that is written to and
> from a certain tty. I expect this to be a kernel module. Anyone have any
> pointers where I can look?. Is there an existing module?
User-Mode Linux can log all traffic to or from a tty to files
stored on the host.
http://user-mode-linux.sourceforge.net/tty_logging.html
Any questions about this feature should be directed to:
[email protected]
Cheers,
- Bill
---------------------------------------------------------------------------
How's my programming? Call 1-800-DEV-NULL
(Courtesy of http://www.tux.org/~ricdude/)
--------------------------------------------------------------------------
William Stearns ([email protected]). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
--------------------------------------------------------------------------