RE: email when user su's to root



Very interesting! Thanks to all who responded. I'm going to try this and see
how it goes.

Anne

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx]
On Behalf Of Yong Huang
Sent: Saturday, March 14, 2009 8:20 PM
To: redhat-list@xxxxxxxxxx
Subject: Re: email when user su's to root


do you need to know, realtime, when someone's su'ing to root? Would a
daily or hourly report work?

Others have excellent input on this topic. I just want to point out that for
this type of monitoring and notification, it's better to use "tail -f"
instead of a cron job to repeatedly scan the log file. I have some notes
about this. See "How to get alert by reading log files" at
http://yong321.freeshell.org/computer/logfile.html

Basically, you run tail -f <the file you're monitoring> | filter and email
command

This approach has much less overheard and sends email almost immediately. On
Linux, you can use -s option to change probing interval to a longer time if
you think once-per-second is too frequent.

Yong Huang




--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list