RE: email when user su's to root
- From: "Anne Moore" <diabeticithink@xxxxxxxxx>
- Date: Tue, 17 Mar 2009 16:20:24 -0400
Very interesting! Thanks to all who responded. I'm going to try this and see
how it goes.
Anne
-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Yong Huang
Sent: Saturday, March 14, 2009 8:20 PM
To: redhat-list@xxxxxxxxxx
Subject: Re: email when user su's to root
do you need to know, realtime, when someone's su'ing to root? Would a
daily or hourly report work?
Others have excellent input on this topic. I just want to point out that for
this type of monitoring and notification, it's better to use "tail -f"
instead of a cron job to repeatedly scan the log file. I have some notes
about this. See "How to get alert by reading log files" at
http://yong321.freeshell.org/computer/logfile.html
Basically, you run tail -f <the file you're monitoring> | filter and email
command
This approach has much less overheard and sends email almost immediately. On
Linux, you can use -s option to change probing interval to a longer time if
you think once-per-second is too frequent.
Yong Huang
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- References:
- Re: email when user su's to root
- From: Yong Huang
- Re: email when user su's to root
- Prev by Date: Re: Problems with NIS on RedHat Enterprise 5.3 system.
- Next by Date: RE: Backup and restore my server
- Previous by thread: Re: How to keep environment variables when sudo in RHEL5
- Next by thread: Help with bash script
- Index(es):
